One why would be, as long as you don't have a clause permitting this in your contract with the SaaS provider (which "ordinary" people as in this context usually don't have) it would be considered an offense in most countries.
If you're a company and the SaaS provider is of similar or small scale you might be able to work with them if you have special security concerns that exceed their regular customer base. You could maybe even get them to hire a consultancy to check or recheck their services but in no case would you ever just go out and do that of your own volition.
Independent of that, even in a personal context, people use SaaS providers because they trust their ability to do a certain job better and/or cheaper than you could do yourself. That usually includes the factor of securing their data, if only because it's in their best interest not to have PR disasters and lose customers.
If you're a company and the SaaS provider is of similar or small scale you might be able to work with them if you have special security concerns that exceed their regular customer base. You could maybe even get them to hire a consultancy to check or recheck their services but in no case would you ever just go out and do that of your own volition.
Independent of that, even in a personal context, people use SaaS providers because they trust their ability to do a certain job better and/or cheaper than you could do yourself. That usually includes the factor of securing their data, if only because it's in their best interest not to have PR disasters and lose customers.