Thanks for replying. Your plugin needs access to my whole DropBox account. It does not function with the partly access DropBox provides. The app and plugin access then is sandboxed to a specified folder in the "Apps" DropBox folder.
Sandboxing is a very good security measure. When e.g. the WordPress installation is compromised one way or the other, it does not escalate to compromising the whole DropBox account. This is a very important concept.
Not honoring this concept is forcing users to give the plugin access to the whole DropBox account. This is a risk I am not willing to take.
So the security risk i talk about is a conceptual risk not a operational risk.
If your plugin is more than a hobby project, it worth considering adding the sandboxed DropBox access.
Also not being able to reset the DropBox credentials, is IMHO a shortcoming.
To conclude, giving a WordPress plugin potential access to my whole DropBox content is not a risk I am willing to take. This is in the scoop that I trust DropBox and there security monitoring system, trust your code, but have always the risk, that my WordPress installation can be compromised e.g. by an other plugin, hack of the shared hosting server, hack of the hosting control panel, you name it. Sandboxing access is really a very good idea, to exclude these implied risks, of compromising my whole DropBox account. I can live with the risk just the one folder running this risk.
This is why I label using your plugin as a security risk. It lacks a very important security feature: Partly access to dropbox. This is the recommended setting by Dropbox.
Hope this helps you with your code development.