There's nothing inherent to Web apps that's forcing the hand of developers to send user data to a server outside the user's control (i.e. opting not to give the choice of sending it to a server the user does control). Keeping user data on servers that the Web app developer controls is a decision that developers make because control over user data is usually an adversarial conflict, and when given to power to do developers go for the choice that works out to their advantage.