So files stored on dropbox are protected only by their hash.
Not exactly confidence inspiring. Your private files are a hash away from being public. In other words a malicious software program could just send hashes of all your files back to the crooks/FBI/NSA/etc. Saves on bandwidth, which is important. (ie a nice list of filenames + links to download the file).
This means that knowing the hash of any file is enough to get that file, as long as someone, somewhere has it on their dropbox. Even if they close this hole on the dropbox servers (can they - or will it take a client update?), it means that people could have been doing this for years.