I understand the wish for encryption, but once you've put your encrypted dropbox in the cloud, it's there forever. If anyone is going to break the encryption it's going to be:
1) Someone with massive computing power (e.g. cloud based)
2) Someone with a long time to work on it
Who's to say DropBox wouldn't setup background processes to brute force encryption keys? Who's to say your encryption keys might not be trivial to brute force 10 years from now?
And if you use password protected documents you can't change your encryption key because they can always look at a previous version where the key was different.
More to the point, if you don't trust them to store your data, why would you trust their encryption? If they were malicious (and I'm not claiming anything) they would deliberately weaken the encryption 'accidentally' and you would likely never know.
In the real world, DB's servers are more likely to be breached than file-level encryption, by orders of magnitude. So encryption would be a very welcome addition.
Unfortunately it has a very real cost for DB: data redundancy could no longer be leveraged to save storage (because 2 identical files would appear different to DB). I suspect at their level of scale that would move a few cells in their CFO's spreadsheet.
If the dropbox client encrypted all files using a shared secret known only to myself, then my files would be protected by an additional layer of security where I manage the keys, that makes a lot of difference.
Obviously there is no such thing as absolute security, but that's not a reason not to take protective measures.
How would the dropbox client encrypt the files if only you knew the shared secret? You have to give the client your shared secret, and then we're back to where we began.
1) Someone with massive computing power (e.g. cloud based)
2) Someone with a long time to work on it
Who's to say DropBox wouldn't setup background processes to brute force encryption keys? Who's to say your encryption keys might not be trivial to brute force 10 years from now?
And if you use password protected documents you can't change your encryption key because they can always look at a previous version where the key was different.
More to the point, if you don't trust them to store your data, why would you trust their encryption? If they were malicious (and I'm not claiming anything) they would deliberately weaken the encryption 'accidentally' and you would likely never know.