Dropbox Security Flaw
Read about it here. I try not to republish content, but the pertinent bit is this:
Newton’s concept, tested on a Windows machine, uses Dropbox’s own configuration files; configuration data, file/directory listings, hashes which are stored in numerous SQLite database files located in %APPDATA%\Dropbox. Inside one file lies a database row containing a user’s “host_id”, which is used to authenticate each individual user.
Modifying this file and changing the host_id to that of another Dropbox user automatically authenticates the account, providing complete access to that person’s Dropbox until the user realises that there is a new computer in the “Linked Devices” section of the Dropbox website.
As you should, Dropbox or not, encrypt sensitive data with an out-of-band key (password/phrase/YubiKey/token).
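One way to follow that advice, as an added example that is not from the original article or from Dropbox: encrypt a file with a passphrase-derived key before it enters the synced folder, so that a copied host_id only yields ciphertext. It assumes the OpenSSL 1.1.1+ command-line tool; `SYNC_DIR`, `SEAL_PASS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: only ciphertext is ever placed in the synced folder.
# SYNC_DIR and SEAL_PASS are hypothetical names chosen for this sketch.
SYNC_DIR="${SYNC_DIR:-$HOME/Dropbox/sealed}"
KDF_ITER=200000   # PBKDF2 rounds used to stretch the passphrase

# ask_pass: read the passphrase from the terminal without echo. It lives
# only in this shell's environment and is never written to disk, so it is
# out of band with respect to anything stored under the Dropbox profile.
ask_pass() {
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r SEAL_PASS; stty echo
    printf '\n' >&2
    export SEAL_PASS
}

# seal FILE: write FILE.enc into SYNC_DIR and print its path.
# The plaintext stays outside the synced folder.
seal() {
    src=$1
    dst="$SYNC_DIR/$(basename "$src").enc"
    mkdir -p "$SYNC_DIR" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" -salt \
        -pass env:SEAL_PASS -in "$src" -out "$dst" || return 1
    printf '%s\n' "$dst"
}

# unseal FILE.enc OUT: decrypt a synced blob to OUT (outside SYNC_DIR).
unseal() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" \
        -pass env:SEAL_PASS -in "$1" -out "$2" 2>/dev/null
}

# Caveat: "openssl enc" in CBC mode gives confidentiality only. It does not
# authenticate the ciphertext, so it will not detect tampering by someone
# who can write to the account.
```

Call `ask_pass` once per session, then `seal path/to/file`; decrypt with `unseal` to a location outside the synced folder.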
Personally, I agree with Dropbox’s statement that if an attacker was able to gain access to your local files, gaining access to the Dropbox’d files is already a lost battle. However, gaining access to the Dropbox account without a password is where I have an issue. In either regard, I will continue to promote Dropbox as the best cloud-based replicator out there.