While this is a valid point, there are somewhat legit reasons to not want to provide evidence of such mining. One would be that the operators of cloud mining would be afraid that their pool accounts would get hacked and have their payout addresses changed. (this is one of many potential excuses). Although it would generally be advisable to not want to deal with companies that are of this small of sizes
Extremely weak excuse. Take a pool like Eligius. The miners tell the pool what bitcoin address to mine to. There's no "account" to hack. You'd have to hack the actual miners. If you can't secure your miners, you shouldn't be running a "cloud mining" operation.
Cloud mining operations don't show their hashrate because they don't have it.