Great points. Trust and hope are not IT Security Controls.
Take the matter into your own hands and GPG encrypt everything that you place into the cloud. That way, only you hold the decryption key. I'm sure this may violate their ToS and it is inconvenient for end-users, but in order to have a firm technical control, you have to remove "trust and hope" from the equation.
If this violates their ToS, they need to rethink their policies. There a ton of reason you might have an encrypted file in your dropbox. Like sharing it with a friend or holding it there because you are moving files around etc.
Take the matter into your own hands and GPG encrypt everything that you place into the cloud. That way, only you hold the decryption key. I'm sure this may violate their ToS and it is inconvenient for end-users, but in order to have a firm technical control, you have to remove "trust and hope" from the equation.