I think the analogy fails because thats valuable isn't a good that it is simply retained or lost. If your vpn usage for example is downloading movies the fact that bob the hacker knows you downloaded inception isn't very worrisome. Likewise with keeping your personal traffic personal instead of having it show up on your bosses network who cares if bob has it.
If the vpn provider doesn't keep any logs your total exposure is that they may start collecting logs of traffic for the duration during which they are compromised. If they are attentive and competent this either will never happen or it will be for a short duration. Again this breaks the example of valuables in storage.
In fact a VPS or indeed any host actually has the same problem you describe in that a host is a bigger target than you and therefore more valuable.
On the other hand for most people the differential between know how between you and professionals is probably sufficiently useful that you are less likely to get hacked with them than on your own. After all nobody has to actually target you in particular they can look for vulnerable hosts in an automated fashion.
I don't think you have provided any substantial argument for most commercial vpn users to switch. I feel like for most threat models its a more than acceptable tool.
If the vpn provider doesn't keep any logs your total exposure is that they may start collecting logs of traffic for the duration during which they are compromised. If they are attentive and competent this either will never happen or it will be for a short duration. Again this breaks the example of valuables in storage.
In fact a VPS or indeed any host actually has the same problem you describe in that a host is a bigger target than you and therefore more valuable.
On the other hand for most people the differential between know how between you and professionals is probably sufficiently useful that you are less likely to get hacked with them than on your own. After all nobody has to actually target you in particular they can look for vulnerable hosts in an automated fashion.
I don't think you have provided any substantial argument for most commercial vpn users to switch. I feel like for most threat models its a more than acceptable tool.