The first thing you described, renting a server for making shared materials available and as an off-site back, is something I have absolutely no issue with and recognize as a very useful thing. It also poses very few security issues, outside of the typical vulnerabilities and major SNAFUs that you'll find across all tech solutions.
As for most people needing nothing more than a thin client, while this is true in terms of computing power, a thin client wouldn't offer much (if anything) in terms of price over a low-powered PC, not to mention that companies offering the OS as a service aren't likely to be doing it for free. Additionally, reliability will probably be decreased, as there are now two additional points of general failure, the server and the connection, in addition to the local hardware. At the company that I work for (~180 employee biotech company) we have midrange PCs for our offices, then low-powered PCs that we use in the labs which just run a remote desktop client to connect us to our office PCs (basically just acting as thin clients). About every 10 minutes the system hiccups due to either resyncing with the office PC or because of network congestion. It's no issue as computer use in the lab is pretty intermittent, but if I was trying to use a similar system for my home PC it would drive me batshit insane. And this is on a local area network managed by a dedicated IT staff. Thinking about something similar running over multiple networks (customer's ISP, backbone provider, server's ISP, etc), and by a company whose workers are well-insulated from any angry customers, and it sounds like an absolute nightmare to me.
Finally, from a security perspective, the key issue is that the data for a large number of people will be centralized in a single system. While the security for the centralized system would undoubtedly be far superior to any home PC the home PC is a low-value target, while the collected data (of tens or hundreds) of thousands of people is a high-value target and thus the security threats that the system has to defend against are much higher. Additionally, the weakest point of any security system is not a technical one, but rather is the human element, and the more people involved the bigger the chance that one of them will compromise the security of the system (most of the data breaches we hear about on an almost monthly basis are because of employees doing something stupid). A home user does something stupid and one person's data is compromised; an employee at a data storage company does something stupid and the data of thousands of people are compromised.