Christopher Soghoian emailed Dropbox, posted over on Pastebin telling them how he had discovered a massive security vulnerability on Dropbox in the wee hours of yesterday morning. If you want to read the entire email thread of how he discovered it, do so, but the short of it is, for a period of 4 hours yesterday, anyone could log into any dropbox account without having to know their password. Any password worked for any account.
Dropbox says they've fixed the issue, patching the bug just 5 minutes after they found out about it, however that doesn't change the fact that this happened. If you, like me, are worried about if anyone logged into your account during that period, check your Dropbox account event log.