With due respect for your evidently high level of concern for security, both at the device level (no default passwords, no open ports, etc.) and for your cloud services implementation:
The point that security-conscious people are making is that there are many compromise scenarios that you cannot possibly account for. There is no way to guarantee perfect security for a network-connected device. I'm not going to overburden this thread with URLs, but there are dozens, even hundreds, of examples of software exploits across all areas of the internet over the past 5 years, and there will only be more in the future. Someone recently did a presentation in which they demonstrated how to break out of a hypervisored virtual machine into the supervising OS.
Long story short, your best assurances of security do not provide the security that being permanently airgapped from the internet can bring.
Of course you are going to do what the market dictates, so I hope that a growing chorus of at least some small part of your customer base eventually makes it worth your while to offer a firmware update that is functional without a cloud connection to your, or any other, servers.
Even if that means sacrificing considerable parts of the feature set. To me, the convenience of checking & operating my garage door from my tablet or phone, anywhere over the internet, is not worth the security exposure. Period. I would like to use the device within my local LAN so that I can be reminded if another resident here in the building leaves the garage door open by mistake. And so I can correct that mistake from the comfort of my third-floor office instead of walking down 3 flights of stairs. My use case would be completely covered by a LAN-only / no-cloud-needed configuration.