Under US law at the moment, everything point into the direction that the authorities can access the data hosted in the US while preventing the hosting company (Rackspace) to inform the client (us). The problem is also that the authorities do not even respect the law and you read nearly every month how they allowed themselves to kind of "wiretap" without the correct rights. So basically hosting in the US with the track record of the US authorities is not acceptable.

I'm pretty sure national security rules pretty much nullify any sort of Safe Harbor agreement.

Otherwise, it's just paranoia (and probably justified). As an America with nothing particularly interesting, even I am not real hot on the idea of storing information "in the cloud" right now.