That's a really good question, Bingley. It's analogous to one of the most fundamental and important questions in information security, the key distribution problem.
Briefly, we can make encryption that cannot ever be broken through cryptanalysis of intercepted traffic, using a one-time pad (OTP). Why doesn't everybody use OTP then? Because distributing the keys, securely, to everyone with whom you might want to communicate is an absurdly difficult problem if you're going to communicate with more than a few people or if you don't already have a secure channel -- and if you have a secure channel already, why do you need an OTP?
Back to your questions.
First, AES256 is really, really strong, so strong that using current supercomputer technology it would take more time than there is left before the end of the universe to crack your key. Nation-state actors who want to decrypt AES256 need to get the key some way other than cryptanalysis.
Second, you're right: If you let your online backup service manage your key, that means that they have access to your key. While the service I use claims to -- and almost certainly does -- use strong internal controls to prevent unauthorized access to keys, keys could still be compromised by a sufficiently advanced attacker or by legal process.
So how do you balance the risk? For me, I read about the (claimed) security procedures used by the online backup service I subscribe to. I decided they were using a pretty secure method, and that the risk (to me) of key compromise was less than the risk of losing the stored data.
I let my online backup service manage my key.
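A toy one-time pad, added here as an illustration and not part of the reply above, showing the contract behind the key-distribution point: a random pad as long as the message, used once, whose secure delivery is exactly the cost the reply describes. The last helper shows what an eavesdropper learns if a pad is reused, which is why "one-time" is not optional.

```python
import secrets
from typing import Iterable

# Constructed illustration of a one-time pad. The pad must be truly random,
# at least as long as the message, and used for exactly one message.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings position by position (truncates to the shorter)."""
    return bytes(x ^ y for x, y in zip(a, b))

def make_pad(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG. This is the material that has to be
    delivered over a secure channel before any message can be sent."""
    return secrets.token_bytes(length)

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Encrypt with a one-time pad; refuse a pad shorter than the message,
    since stretching or cycling the pad would break the OTP guarantee."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(plaintext, pad)

# Decryption is the same XOR with the same pad.
otp_decrypt = otp_encrypt

def key_material_needed(messages: Iterable[bytes]) -> int:
    """Bytes of pad that must be pre-shared securely to send each message once:
    equal to the total plaintext, which is the key-distribution burden."""
    return sum(len(m) for m in messages)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What a passive eavesdropper can compute when one pad protects two
    messages: the pad cancels out and m1 XOR m2 is exposed, without the key."""
    return xor_bytes(c1, c2)

def demo() -> bool:
    """Round trip two messages with separate pads; return True on success."""
    msgs = [b"meet at noon", b"bring the files"]
    pads = [make_pad(len(m)) for m in msgs]          # one fresh pad per message
    cts = [otp_encrypt(m, p) for m, p in zip(msgs, pads)]
    ok = all(otp_decrypt(c, p) == m for c, p, m in zip(cts, pads, msgs))
    return ok and key_material_needed(msgs) == sum(len(m) for m in msgs)

if __name__ == "__main__":
    print("round trip ok:", demo())
```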