Communicating the threat model (especially to non-technical folks) is indeed tough. We'd like to explain how our server never learns anything about the addresses you look up; they are always encrypted under a key that is only on your client.
One thing to highlight is that the security of our system is really analogous to hosting a node in your home, on your own hardware. When you run a full node in the cloud, you are still leaking data (like your address) to the cloud provider itself. Even if you use Tor and pay for the cloud service anonymously, that is still a weaker guarantee than the one we offer.