Hey Mark! Thanks for reading and a great point. A couple of things around how we are thinking about this:

• Creators are currently sharing Dropbox links through Patreon and other places that put that link behind a paywall.
• That link is just as public as a file on IPFS
• Prior to creating the share link, the file is not public on Dropbox, but in our experience creators are not using Dropbox to make the file private (some do, but most don’t).
• Most creators use Dropbox as a quick tool to get a public link for their files.

File encryption is already possible. Pinata does not prescribe an encryption mechanism, though. If someone is going to be encrypting a file, they have to be comfortable with the idea that the CID of the resulting encrypted file will never, and can never, match the CID of the unencrypted file. For this reason, we leave encryption to the individual users.

Thanks again for the thoughtful comment!