You certainly can’t rule out a large company making dumb moves but I have gotten the impression that they’re very hesitant to do anything which would make companies stop trusting them with private data, and the controls they have like allowing you to control the encryption policy for Code Whisperer data support that. It’d have to be worth a lot to make customers question whether it’s safe to use S3 (which uses the same mechanism).