"Risk Management" isn't just a business phrase, it's something we do unconsciously every day of our lives.
The important thing about agitators like Eben and RMS is that they can highlight risks that are otherwise going unnoticed. You don't need to agree with their proposed (often drastic) solutions to appreciate the value of consciously assessing a risk and deciding you're happy to live with it, over not even realising the risk you're taking.
Nolan Brubaker reminded me I forgot to mention centralised version control and issue tracking providers on the professional services front. What is the impact on your business of a GitHub or BitBucket outage? Or Shining Panda CI or Travis CI?
I wish there was a service that took newspaper articles calling for regulation of online communication services and replace every occurence of an online service's name with a newspaper's name, every occurrence of "social media" and similar phrases with "the press", and every occurrence of "commenters" or "posters" with "the press".
Everyone's a journalist now, only the quality varies.
Unfortunately, Western governments are currently taking exactly the wrong stance on all this. We should be demanding that our representatives make it illegal for companies to spy on their users and to misuse data that is provided for a specific purpose.
There are already many regulations on the books along those lines, especially in the health, finance and employment sectors.
Unfortunately, the spy and law enforcement agencies are currently running the show, and instead of pushing for greater privacy protections, they're instead trying to make it mandatory for companies to spy on their users and to provide that information to the government with no legal protections whatsoever.
Apparently there's something about the words "online" and "digital" that makes nominally democratic governments think it's OK to start acting like jackbooted thugs :P
This is actually one of the serious problems with the US model of coupling health insurance to employment. When they're decoupled (i.e. employers pay more, employees use those funds to buy health insurance directly from the insurance provider), the damage of losing your job isn't automatically linked to the double whammy of also losing your health insurance (depending on your savings level).
Coupling and single points of failure are a problem in social system design, just as they are in technical systems design.
Employers and clients are also dangerous. If they don't pay, or place excessively onerous conditions on providing payment, it can put people in dire straights.
On the flipside, as an employer, employees and contractors are dangerous, as they may fail to provide the agreed upon services in a timely fashion. Balancing the interests of both sides in these matters is why industrial relations law is so fraught. Our brains are wired for good/bad thinking, so most people fall into either "employees noble hard workers, employers evil robber barons" or "employers noble job providers, employees evil union thugs" false dichotomies. In reality, neither side is likely to be malicious: short sightedness, selfishness and sheer incompetence are all more likely explanations for seemingly hostile acts than deliberate malice. And sometimes it's none of those things, but merely a difference in priorities (e.g. sacrificing some jobs for the sake of preserving others - when a company goes under it generally sucks for everybody involved, except maybe the actual robber barons that have already made sure they got their cut by lumbering the company with excessive debt)
Shifting back to the individual point of view, your health providers and insurance providers are dangerous. Again, there's a reason this industry is heavily regulated. (And again, serious problems when regulatory capture occurs and the government starts regulating for the benefit of the incumbents rather than the protection of citizens)
Professional service providers are also on the list. If you're a company with an online presence, your hosting provider, your DNS provider, your storage provider - these can all disrupt your internet presence, and thus your advertising and revenue streams.
Many of the individual risks also apply in a business context, including financial services and communications providers.
Communication providers are the next obvious targets. This includes your postal provider, your telephone provider, your internet service provider, your email provider, and, increasingly, social media platforms.
All of these services can build quite detailed social graphs, and governments around the world are keen to demand that these providers do so. The social media platforms do it deliberately so they have something to sell to advertisers.
Moglen isn't wrong to be paranoid about this, he's just wrong to think that opting out entirely is a viable answer. It's like saying "people can see everything you do on the village green, you should stay home and never go outside!".
In the Western world, your bank and credit card company are obvious places to start. They control your access to funds, and have an awful lot of data about you and your relationships. This is one of the major reasons the finance industry is so heavily regulated: we've collectively outsourced the enforcement of trustworthiness to the government. When government starts "streamlining" the rules to make things easier for the banks, we get things like the GFC. Regulations aren't meant to make things easy for the industry being regulated, they're meant to limit the power exercised by that industry.
For many people, this list also includes PayPal, and they're very careful to skirt the rules that would bring them under the full force of financial regulations.
So, it's worth thinking about which companies and organisations could cause you major pain if they chose to be evil (or are just flawed in some way).
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
The modern world is built on trust. We trust people, especially companies, even when we probably shouldn't.
Eben Moglen takes distrust to extremes. He doesn't want to trust any faceless corporate entities: http://betabeat.com/2011/12/in-which-eben-moglen-like-legit-yells-at-me-for-being-on-facebook/