I'm very conscious about my security and something that has bothered me for a while now is that 1P is configured to need full access to my entire Dropbox. I was really hoping that with v4 that you would switch to using the sandboxed App Folder access level but as of 4.0b32, it is still using the Full Dropbox level.
My experience with the Dropbox API is limited, especially compared to your developers, but from what I understand, Full Dropbox access is a lot more work to maintain in your code than if you choose the App Folder level. Have your developers looked into switching?
Doing this might also help to fulfill a long-standing request by many users of the ability to have multiple 1P data files (personal, work, family shared, etc). It could create separate folders for each data file. When you are running 1P, you could have the option to switch between the data files (similar to the demo data).
I can see that this would be more work as you would also need to update the Mac and Windows desktop versions to use the new location. Perhaps have it configured to check the App Folder first and if it doesn't exist, use the Full Dropbox level. Once it finds the 1P data file, it could notify the user that it needs to migrate to the App Folder level for future compatibility.
Just a though. Please seriously consider this for a future enhancement. I'm becoming more frustrated with all the apps requiring full access when it just isn't necessary.