The downvotes I'm getting seem to indicate others agree I'm off the mark here. Perhaps I was too inflammatory, perhaps people just don't understand my analogy. Let me try again without the hyperbole. :-)
My point is, DropBox advertise proudly on their website that they use military grade encryption to protect their users' data. However, it has now been independently shown now that the keys to this data are in DropBox's direct possession and are in routine, daily use, decrypting one person's data so another can access it (this is what happens when deduping allows you to download something you never actually uploaded yourself).
To me, this implies that their claims of "military grade security" may be unjustified and just yet another example of security theater in the cloud.
Without knowing the exact architecture of their system it's hard to say for sure, of course. But think about what the encryption they claim to use is probably supposed to accomplish. Then think about whether it actually does that if a large proportion of DropBox's servers and employees have access to the decryption keys.
[edit: Amazon store data on S3, so it is in fact important that they encrypt it (even with relatively relaxed key management) as they have no direct control over the infrastructure. I still don't think this meets the bar of "military grade security", but I guess that's marketing for you.]
