Pretty good write up on the implications of deploying SaaS and the the legal, regulatory, and security concerns that come with it.  I agree with the points around SAS 70 and the article in general but would have added some details around regulatory drivers beyond Sarbanes-Oxley like PCI Compliance.