I think any cloud AV needs behavior blocking. A cloud AV can't send all your files to the cloud as this will be impractical (large amount of data to send) so it must send some hashes or whatever (small "fingerprints" of your files) and compare them against a database. A polymorphic virus (a virus with self-modifying program code) would be undetected by a cloud AV, as its code changes every time (and so does its fingerprint). So when a program tries to modify its own code the antivirus must react, block it and send it to the cloud for a deeper analysis.
Security Essentials also detects programs on your computer that might be malicious or harmful:
A new class of heuristic signatures leverages Microsoft’s dynamic translation technology to emulate the behavior of a program before it runs. Microsoft Security Essentials uses these signatures to look for signs of suspicious behavior, characteristics that are similar to known malware and other abnormal operations, and then queries the Dynamic Signature Service to see if the program should be submitted for analysis or terminated.
The quote is from Microsoft Security Essentials Reviewers Guide (link to doc file
In conclusion, I think the behavior blocking in Panda Cloud, at this point, is meant to overcome normal limitations of cloud AVs and MSE offers a similar feature.
There are some things about MSE that I don't like: It is not as light on resources as I would like, the full scan takes too long, you need to have windows updates set to automatically install.