
I think those saying "this is a minor issue" are downplaying the problem here. Imagine your co-worker gets up for a 2 minute bathroom break (or you had 2 minutes in the boss' office alone, or at an associate's house, etc) - what could you do in 2 minutes? Sure you could try to install a keylogger but this requires some knowledge, prior preparation and is susceptible to detection. You could copy off his private work but this is slow, not much you can copy in 2 minutes.

Knowing this security hole, within seconds I could easily copy one small file (or upload it to crate, or just write down the machine hash or upload it to codepaste etc etc) and know I now have all his private files - for life - and not just files now but all future possible files (or at least until he changes his password; but how many people really do that regularly?).

Checking that 2 machines aren't using the same key would at least notify you that something had happened, although it may occur too late to secure your existing files.

Another option is to tie the key with your IP address, and when a new IP address is detected you need to enter in your credentials to get a new pass.

I think at least some hashing to create a unique computer stamp (username, OS version, MAC address, processor hardware name, etc) would go a long way in making this more secure; it's not perfect (these things can be faked), but it certainly stops Johnny Amateur Hacker from gaining access to his friends'/co-workers'/bosses' private files.
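The two mitigations proposed in the comment above (a key bound to a hashed machine stamp, and noticing when one key shows up from two machines), sketched as an added example that is not part of the thread or of any Dropbox code. The names `machine_stamp`, `issue_key`, `SyncServer` and all sample values are assumptions made up for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # hypothetical server-side signing key


def machine_stamp(attrs):
    """Hash the machine attributes the comment lists into one stamp."""
    canon = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()


def issue_key(account, stamp):
    """Issued after a password login; valid only together with this stamp."""
    msg = f"{account}|{stamp}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


class SyncServer:
    def __init__(self):
        self.seen = {}    # key -> set of stamps that have presented it
        self.alerts = []  # (account, stamp) pairs that must re-enter credentials

    def check(self, account, stamp, key):
        """Return True only if the key was issued to this account and stamp."""
        self.seen.setdefault(key, set()).add(stamp)
        ok = hmac.compare_digest(issue_key(account, stamp), key)
        if not ok or len(self.seen[key]) > 1:
            # Same key file arriving from a second machine: flag it.
            self.alerts.append((account, stamp))
        return ok


# Constructed sample machines; every value here is made up.
LAPTOP = {"user": "alice", "os": "Windows 7 SP1",
          "mac": "00:11:22:33:44:55", "cpu": "Example CPU A"}
OTHER = {"user": "mallory", "os": "Ubuntu 10.10",
         "mac": "66:77:88:99:aa:bb", "cpu": "Example CPU B"}


def demo():
    server = SyncServer()
    key = issue_key("alice@example.com", machine_stamp(LAPTOP))
    own = server.check("alice@example.com", machine_stamp(LAPTOP), key)
    copied = server.check("alice@example.com", machine_stamp(OTHER), key)
    return own, copied, server.alerts


if __name__ == "__main__":
    print(demo())
```

The client reports its own stamp, so the check has the limit the comment already concedes: a request that replays the original machine's attributes verifies and raises no alert.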




I'm sorry but I completely disagree.

Even in this contrived scenario where there's an opportunistic amateur attacker with full access to your computer but only for two minutes, any changes to Dropbox client security only marginally improve your situation. I've got a USB 3.0 flash drive on my keychain that could grab about 6GB in two minutes. How much secret data you got there anyway?

And as a naive attacker, I would probably just buy a $40 hardware keylogger if I wanted to steal a coworker's data.

As for tying the key to IP, it adds only some security (doesn't help in your example where your coworker likely shares the same IP) and, moreover, it's a customer support nightmare. Trust me, I tried it once. Some people have IP addresses that change very often. You can't have them re-entering a password with every request.


Lock your PC.



