Dropbox & Roaming Profiles = insecure
I was looking at Dropbox a couple of days ago after noticing that Dropbox installs itself in the user's Roaming Profile directory under Windows 7 (same for XP). Dropbox adds about 25MB to a user's roaming profile, which is undesirable and slows down user logon/logoff.
User roaming profiles *should* be well secured on the corporate fileserver(s), but Domain Admins & Support Desk staff often have Read access for troubleshooting purposes (e.g. roaming profile bloat). See where I'm going with this... Anyone with access to the user's roaming profile will be able to access a user's Dropbox config.db file.
Roaming profile bloat? Check.
Insecure? Check