I truly think that Microsoft knows their market. Web applications are great for the general consumer market, but not for the corporate market. I don't think corporations want their confidential documents directly accessible to another corporation (Google) or to anyone that could guess/crack the password to the service. This is why desktop software is still relevant. For example, the large corporation that I work for has denied access to Google Docs to ensure that it is not used.
Though, Google Docs could be useful to the corporate world if it were possible to install it on a local server in the corporate environment. That way the access to the documents could be directly controlled.
What's really missing is strong cross platform encryption that can be performed on the browser (from javascript). That way the data can be stored encrypted in a centralized location and decrypted only on the client side. This is harder to do for things like email because Google needs to target ads, but for google docs this should work.
That's not a very good approach to encryption. It still requires you to trust Google not to send you malicious JS. While I trust Google a lot more than I trust any other company their size, a private key in the hands of ten thousand employees still isn't very private.
I am more concerned with someone breaking into Google and walking away with everyone's email than I am about Google sending malicious Javascript but you have a good point and malicious employees can cause a lot of harm.
Though, Google Docs could be useful to the corporate world if it were possible to install it on a local server in the corporate environment. That way the access to the documents could be directly controlled.