Unless you opt to run all your own stuff you will need to trust someone. Even if all of Microsoft's code were open source, how can you trust they're not running a modified version?
Open-sourcing helps though. Also, relying on ISO for the standard (which has been sketchy in the past when it comes to Microsoft, see also OOXML) was probably not a good idea. Microsoft doesn't have a great reputation for security either.
It's true, ultimately cloud security relies on trust, but I don't think Microsoft has done enough to deserve my trust, even if this is a good step forward.
