So it seems like the data are encrypted both in transit and on the server and it means that nobody is able to get unencrypted data even if they can intercept the traffic or access the server.

Nobody except Apple, that is.

That's no different from me offering a remote backup service on a LUKS encrypted box, using sftp or whatever, and then making those claims.

No, the data is still not end-to-end encrypted, which means that Apple can decrypt the data on the server.