One can hack Windows HTTPS libs (or OpenSSL, whatever it is) inside Dropbox process and read unencrypted buffers from memory. Standard and well-documented APIs are easy to locate and hook, especially in dynamic libraries.