If served a lawful subpoena, ANY cloud service provider may be required to hand over your data if they have that power. If you've got something truly critical (e.g., evidence you're transsexual in NC and use the "illegal"/correct bathroom) you should encrypt it even on top of what your CSP does. Windows, OSX and Linux all offer methods for doing this effectively.
I've used OneDrive with encrypted VHDs. It works fine, so long as you don't access the VHD from multiple places at once. I do this more because my OneDrive syncs to a Surface Book than because I am concerned about subpoenas.
As for the telemetry collected, it's probably not of any use to them. It's the same sort of stuff every app on your phone sends up to mixpanel. I wouldn't worry about that, as it's not a substantially greater privacy violation than the natural telemetry collected by the cell network and local ISPs. The only way it might be used against you is in proving a certain access pattern to the device at a certain time.
As opposed to the information that the ISPs are already offering? Sorry, but your underlying networks are already in collusion with the feds.
Were they not, the telemetry might provide signals that wouldn't be more easily obtained elsewhere.
But it's also worth noting that the telemetry for 'apps installed' is just your license list from the store. We don't have a ton of evidence that MS is combing your computer for random executables and reporting that back on a signal, or passing up full untrimmed process lists.
Log information can be much more revealing if you are communicating only via encrypted protocols or Tor. We don't know for sure what exactly MS is transmitting in their logs but we do know quite well what traces we leave (or leave not) behind via our ISP. And that's definitely much less than what our machine can reveal via (encrypted) telemetry.
1. We really don't know the extent of telemetry collected via our ISPs, do we? Unless application authors go to the trouble of specific certificate or signatory cert pinning, it's not terribly challenging for certain classes of attackers to enter that connection.
2. Wouldn't substantial data in Tor logs be a bug with your Tor client anyways? I've never seen a Tor client ship in a logging debug mode. But I haven't taken Tor terribly seriously for years. Did they start doing it wrong?
3. The contents of the data that is being sent to Microsoft is entirely knowable. I'm waiting for a security researcher to just do it. I suspect most of what we see is something along the lines of standard app telemetry for core apps.
The amount of FUD that has been brought to bear against MS for this practice is pretty unsurprising given the scroogled campaigns, but it's funny to see a bunch of 3rd parties buy into it while posting from Macs that do the same thing.