If you value your privacy, it would be prudent to assume any unencrypted communication of yours is compromised.
That includes unencrypted email and any unencrypted data stored on a server not under your control.
Even your encrypted communication might be compromised at some point in the future, given the odds that it has probably been logged by someone as it travelled from hop to hop through the Internet.
Once encrypted data leaves your control, anyone intercepting and logging it can attempt to crack that data at their leisure, virtually indefinitely.
Laws may stop some law-abiding entities from trying. But I wouldn't count on it.
Treat every gun like it's loaded, check both ways before crossing the street, and assume that all of your unencrypted data is already compromised. Sounds like good advice to me.
Dropbox and Gmail are already encrypted - the problem is who else can get at the keys. And which other credentials of yours can be compromised starting from there.
Encryption that is out of your control is not encryption in any meaningful sense. You must be the only one who has the key, else the whole process is compromised.
This is a pet peeve of mine, let me know if I'm being a pedant:
Encryption that is out of your control is encryption in a specific, meaningful sense. I believe to effectively use encryption, you have to understand the trade-offs involved and limitations of the technology.
So, Google's encryption is terrific in terms of protecting you from war-drivers. But it won't protect you from the focused attention of the FBI. That doesn't make it good or bad, it's a tool with specific uses and limitations.
I think that lesson needs to be absorbed with all forms of encryption. It's a particularly dangerous area to pop-sci oversimplify.
There are quite a few options available from the stand-alone, like SpiderOak, to things that sit on top of Dropbox, such as Boxcryptor.
What I haven't seen is a comprehensive security review of these alternatives. There could be bugs, flaws, or they could outright not be doing what they claim to do.
Even if they can't read, traffic analysis is perhaps more automated, widespread and computationally cheap than communications content interpretation based surveillance that people worry about.
That includes unencrypted email and any unencrypted data stored on a server not under your control.
Even your encrypted communication might be compromised at some point in the future, given the odds that it has probably been logged by someone as it travelled from hop to hop through the Internet.
Once encrypted data leaves your control, anyone intercepting and logging it can attempt to crack that data at their leisure, virtually indefinitely.
Laws may stop some law-abiding entities from trying. But I wouldn't count on it.