Secure Azure Storage better
Azure Storage is not secure enough
Azure storage is protected using a connection string which contains credentials. Usually this connection string is placed in a configuration file. Reality tells us that information placed in configuration string leaks. It is likely that the storage configuration string will leak to non-authorized people. If someone has the connection string he owns your Azure storage!
It is not possible to compare Azure Storage connection string to SQL connection strings because SQL is not exposed to the web. Even if a bad guy has the connection string he cannot use it unless he get network access to the SQL server or he installs some piece of software near the SQL DB.
In Azure storage anyone with the connection string can access the storage and get full control.
It just does not make sense that the data is protected only with the connection string!
It is required to add another security dimension to azure storage and allow the owner of the storage account to mark that only roles running from the same subscription ID can access this account. This way he can place sensitive data in a storage account that cannot be accessed from outside of windows azure or outside of his subscription.
Non sensitive data will be placed in normal storage accounts running exactly like they do today.