From FastMail’s blog:
I like FastMail and this was not something that I had considered. Their servers are in the US but they are not a US corporate entity. But as they acknowledge, that may not be sufficient for some:
There are of course other avenues available to obtain your data. Our colocation providers could be compelled to give physical access to our servers. Network capturing devices could be installed. And in the worst case an attacker could simply force their way into the datacentre and physically remove our servers.