Comment by g-b-r

> "Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.

They need to analyse the data; adding layers of encryption, thus, could only improve security if the keys for the inner encryptions are better protected than the server's TLS private key.

Which would honestly, actually, likely to be the case, but it would probably be a modest improvement