>If a hidden function enabled malicious behavior, causing it to touch all files, the hidden function would very quickly cease to be hidden.
I'm not sure where you're going with this. Yes, a security hole would become much more visible after it was exploited. That doesn't imply that anything visibly weird Dropbox does is a security hole.
The only notable flaw in security here is that it's a program on a normal OS outside a sandbox. This is a huge flaw but it applies to most programs.
>Are you seriously arguing that it's okay for Dropbox to touch files you didn't give it permission to touch? This is ridiculous.
I am. Touching files does not mean taking information from files. And between the explorer extension and the way file monitoring works on windows it's going to be fed a list of your files no matter what.
Security holes are a subcategory of "things a program can do, but shouldn't be able to do". They are described entirely in terms of potential behavior, not current behavior.
