I have read this document, and while I'm pleased to see that there is outside auditing and uses 'latest technology', I want an Yes/No answer to: is it SSAE 16 compliant (type 2 certificate)?
Is the data within the US?
The Acrobat.com server runs on the Akamai CDN, so your questions don't have a simple answer.
From Akamai's website, they say they
"[We] Reduce risk and support your internal ISO, FISMA, BITS, HIPAA and PCI compliance requirements
Akamai's Compliance Management solution is designed to help enterprises reduce the time and expense associated with meeting the performance and reporting standards of key regulatory compliance initiatives.
Compliance Management is an integrated solution that provides compliance tools and documentation around the delivery of business applications and Web sites, helping you to meet regulatory standards for PCI compliance (credit card processing), federal information security management, the ISO Code of Practice for Information Security Management, financial services regulations, and the Health Insurance Portability and Accountability Act (HIPAA)"
So it looks like there's a possibility of some fairly robust security here. The Akamai people say that it depends on your SLA with them, which they can't disclosure with permission. Does Adobe offer various security levels for its product/services? Do you use a flat minimum level of security across the company? Can you find out what your SLA with Akamai is?
I want to use your products to create a convenient means for my company's customers requesting services from us- the request must include their account information, which is confidential. To use your product, I need to know the security with which it operates.