Has anyone confirmed this? Try loading a trivial amount on a wallet.dat, then upload it to dropbox. Dropbox is a pretty big system and if some one inside have processes running it as a honeypot i'm sure Dropbox mgmt would love to know. As any one contacted a sysadmin at DB?
A honeypot is a system designed to catch an evildoer, such as http://www.projecthoneypot.org/
, where various systems are put up on the web as "hacker bait" with complete IP and access logging, so attack attempts and successful attacks can be documented and reported. Unauthorized access to your files hosted on dropbox by staff with elevated priviledges is not this.
You should consider any file you upload to the "cloud" as essentially equivalent as posting it publicly for all to see - because when security fails at the company hosting your data (see: http://technorati.com/technology/article/major-dropbox-security-flaw-let-users/
) that is is essentially what you have done. These companies don't have to provide you any security or service level whatsoever, their interest is profit, and they have terms of service that disclaims all liability.
Anyone that has access to your computer via trojan or remote exploit has all the information needed to compromise your account (http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
), and even malicious apps on your phone can steal your dropbox credentials (http://www.cultofandroid.com/8177/facebook-dropbox-apps-have-serious-security-flaw-that-puts-your-personal-data-at-risk/
). If you have used the same password anywhere else and that gets hacked, there's a good chance that the stolen credentials will be tried against all major cloud services.
Unless you specifically contact dropbox and tell them of suspicious activity and they agree to set up a secretly logged account, if you test this theory by uploading another wallet and the coins get stolen, all you will likely get is denials or non-responses from dropbox. Even the most obvious security feature to discover if you have been hacked - showing you a log of IP addresses that have accessed your account - they have not implemented.