That's why client-side encryption is useful - even with the company (Dropbox) not leaking/selling their users' data on purpose, it is easy to inadvertently leak it.

Proper client-side encryption, while often not appropriate in critical environments, is useful to protect against this type of situations.

Disclosure: I run AES.io