It has been a famous topic lately, it has become somehow common to read about attacks in websites and how the information could have been stolen and been used by attackers.
Let's assume1 you have a document that is being stored in a cloud service. - say that the service encrypted the file with your password, so to access the document the password is required. In this case you may note that the service company won't have a way2 to access the file without your help. This is important because if there is a way to them to access, then an attacker who compromised the service could do it too.
Now, what do we lose in this scenario? What if you lose your password, given that the file was encrypted with your forgotten one, there is no way to access it3, not by you or by the service, so it's basically lost. The service could have other kind of security measures on top of the file, so the provider may be reluctant to just give you the encrypted file. So, if the files are encrypted by the service then a Forgot Password feature is almost irrelevant.
So, what if you want to share the file with another user? Then for the other user to have access also requires the password, so both of you need to use the same one. If not, it gets really complicated. Let's say that both of you use different passwords that can't be stored in the service, when you want to share your file, both passwords should be loaded in the system so the document will be encrypted for each one, that probably requires to both users to be logged at the same time. If you update the file, it then requires to have both passwords again loaded in the system so both users should be logged at the same time again. You could probably store the other user password encrypted with yours which then could be subtracted later if needed, but so many things could go wrong from there.
At the end it doesn't matter, for a general purpose service the extra security belongs to a particular market, and for the rest of all, the provider ends up explaining about why people can't just freely share their document.
What now? Well, you can encrypt your data at home before you upload it, if that is the problem, but in general it's not so. Except if you have launch codes for nuclear rockets, probably the common mechanisms are good enough. Note that not all info need to be treated the same way, I would prefer my credit card information to be encrypted, if lost I could just provide it again. Let's just say there are several use cases that needs to be treated accordingly.
 Take note that I am not a security researcher.
 Of course they could log your password somewhere if needed, in fact there is a lot of things that could be wrong in the process.
 Again, you could use a password-cracking tool. And so could the service company. And the attacker.