Glenn Fleishman, writing for Macworld:
Apple has blind spots when it comes to encryption. It encrypts the synchronization of contacts, calendar entries, and other information across its iCloud service, but with the exception of Keychain entries, that information is stored in a way that Apple can access, and provide access to law enforcement. Apple could shift to a method used by other companies, including AgileBits with the cloud side of its 1Password ecosystem, where data is always encrypted, and client software (including Web apps) handles the decryption locally. They could build this into iOS and OS X so that third-party apps would be able to handle data seamlessly for sync.
And:
Apple hasn’t kept up with the best practices now understood to achieve the goal of preventing outside parties from gaining access to messages and audio/video sessions.
I find the disparity between the deep protection of the Secure Enclave and the much more accessible iCloud approach puzzling. Is this intentional? Due to a lack of resources?