We're currently testing an instance of Moodle 2.2 ready for institutional deployment at the University of Bath and have discovered as issue with Moodle and the Dropbox repository.
Essentially, we have a test user who has allowed Moodle to connect to their Dropbox. All works fine up to this point... and the user can then interrogate their Dropbox folders and upload as necessary.
However, we've found that an Administrator can 'Login As...' that user and can too navigate this Dropbox account that the user has granted access too. Doesn't this pose quite a large security risk?