What exactly is your threat model? Who is after you? What data are they after? When/why/how?

For most people, the "who" is "the standard assortment of hackers and ne'er do wells" but nobody is singling them out as individuals to target. As for the "what", sure, the data iOS backs up to iCloud includes a lot of sensitive stuff. But a) all of it is encrypted in storage and in transit across the internet, and b) much of it is further encrypted with keys derived from your device passcode, which only you know. So if a hacker were to clone a hard drive used in iCloud that happened to have your data on it, it would be useless to them. Just ensure you use a good password for your Apple account and at least a six digit passcode to unlock your phone. And if you want to be super paranoid about bank accounts then just turn off the iCloud backup for the associated apps.

If a government or professional hacking ring is targeting you then all bets are off.

Here's a discussion of what Apple surrenders to law enforcement when subpoenaed. They cannot decrypt your notes or passwords saved in the keychain.
Here's Apple's overview of iCloud security.
And here is Apple's in-depth platform security documentation. You may be particularly interested in the Services - iCloud section and Services - Security - Passcode and Password Management - iCloud Keychain section.

I find iCloud backup to be convenient and secure enough for my purposes. If I were going to embark on a life of crime or espionage I'd probably not back up to iCloud, though.