What's the source on your third paragraph? I want to read the backstory there.
Edit: Bias alert; I work for Dropbox on our infrastructure team. I'm just curious about that particular incident, since it predates me and I'm always curious about these things.
Luckily for them (and unluckily for consumers) they got away with that particular lie during the early years where it was most valuable.
There's also a fundamental problem that Arash doesn't understand security. This was clear after the incident where no password was required in order to login.
Arash claimed that this was only a problem if you were one of the unlucky few who was actually hacked. He didn't understand that a risk exposure is also a serious problem, even if you happen to dodge the bullet on that particular incident. In fact, he seemed to get quite angry with paying customers who were upset by it because in his mind you don't have the right to be even slightly bothered by a major screw-up unless you were affected that time.
I understand that at this point Dropbox is huge, so it's full of people like you who don't have anything to do with the customer-hostile bullshit that the founders did... but it's still impossible to trust anything you guys do. After all, when the CTO is untrustworthy, only a very, very naive person would trust the product as a whole.
Edit: Bias alert; I work for Dropbox on our infrastructure team. I'm just curious about that particular incident, since it predates me and I'm always curious about these things.