Agreed, this is more of an item to check off on a list than an actual, meaningful feature. It's the kind of thing that some exec who doesn't understand the details will take comfort in, even though at the end of the day the benefit is minimal.
The only way to do this safely is to do the encryption yourself prior to uploading to S3 and manage the keys yourself.
Yes, this. It's awesome that AWS is providing server-side encryption at no additional cost and with no additional client-side implementation effort, but ultimately your data is still at risk.
When Dropbox's authentication layer failed, their encryption was meaningless. Same thing here: data is still vulnerable to errors, misappropriation, subpoena, etc.
The only way to do this safely is to do the encryption yourself prior to uploading to S3 and manage the keys yourself.