If Dropbox had used client-side encryption (in addition to their server-side security measures), you wouldn't need to worry about issues such as server security.
That's why you shouldn't trust statements like: "Theoretically we can read your data, but we make sure only you can access it". If there's the theoretical potential for abuse it will happen sooner or later. Either deliberately or not.
This is true, but I don't wish for this. Dropbox with client-side encryption would be a different product where a lot of their features would be very difficult to sustain. For example, easy web access or having iOS and other apps easily sync using the Dropbox API.
I am happy with not putting sensitive files on Dropbox, and encrypting the few I do.