I agree that it’s impossible to be completely safe, though I’d probably be more confident in a company that is strongly identified internet security or networking.
Foscam is fairly well known, though not as well known as, say Google or Netgear, who may not be perfect (especially the latter) but at least stand to lose billions when their reputation for security is damaged.
One interesting thing I learned investigating my (regretted) Amcrest purchase is that that they, like many other consumer camera brands, outsource cloud functionality to a company called Camcloud:
00d0 06 03 55 04 0a 13 08 43 61 6d 63 6c 6f 75 64 31 ..U....Camcloud1
00e0 11 30 0f 06 03 55 04 0b 13 08 43 61 6d 63 6c 6f .0...U....Camclo
00f0 75 64 31 14 30 12 06 03 55 04 03 13 0b 44 61 6e ud1.0...U....Dan
0100 20 42 75 72 6b 65 74 74 00 69 30 67 31 0b 30 09 Burkett.i0g1.0.
where this Dan Burkett guy turns out to be their CTO. I actually asked Camcloud for comment. To their credit, they responded quickly, but they were fairly unconcerned, noting that use of FTP for media upload is “very common.”
Later, I looked at Netgear Arlo, and noticed what looked like a live streaming link in a transmission from their servers
CAMERAID was in fact that of my camera. I always got connection errors when trying to access the rtsp link, so there may have been some other authentication mechanism. Still, it was a bit disturbing, especially as there was no obvious reason why this information would need to be communicated from their servers to my local hub. Although they never acknowledged my report on an Arlo forum, the problem was fixed within 3 days, which may or may not have been coincidence.