Actually the masterkey is located in the database, not on the storage. You can also move the location of all the file keys for additional security.
https://doc.owncloud.com/server/admin_manual/maintenance/encryption/migrating-from-user-key-to-master-key.html under verify for the location.
In our highly secure Enterprise projects we do put the masterkey into a HSM in the meantime, which makes sure that the ownCloud administrator itself also can’t get to it when reconfiguring things. Of course this continues to rely on organisational protection.
As a last option there is End-to-End Encryption, an overview can be found here and your feedback would be valuable to me: