Marketing can do a lot to create trust.

It's not all or nothing. Depending on your threat model, Apple's services might be fine. But I guess most people don't think enough about the implications of storing many years worth of data at a US company like Apple.

Apple has actually proven itself over a long period of time on this issue. Maybe Mozilla has as well (do they encrypt telemetry logs etc for people with a Mozilla login?) but I haven't heard so much about that.

Yes but Apple is also avoiding collecting a huge amount of data, e.g. by doing things on-device.