It's not anyone, but a particular person. If I suspect you are storing credit cards, or I want to know your sales data, and it's valuable enough, trying to get an employee to siphon off or look at data (for $$) is a valid way of criminally attacking your data.

Or perhaps I see if the cloud company really separates out VLANs or do they have shared LANs I can sniff?

Encryption certainly slows things down.