I don't work with national secrets, but I do have access to sensitive/valuable to the client data. The thought of downloading anything directly to my device is just beyond me. I don't even like downloading log files with something like "aws s3 cp s3://client/file - | less". I'd much rather fire up a cheap instance and view the data within their VPC.