From the Graham Cluley blog:
In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered. We also found evidence that many people are mingling their personal and professional files, potentially presenting privacy and security concerns for organisations.
I guess this is something that is poorly understood. Shared links are not private, they are just hard for a human to guess. Any sensitive information I store on any cloud service (and usually on my own computer) is stored in an encrypted disk image. There are secure ways to share a Dropbox link with an accountant but they all involve an extra step to encrypt the content.
By way of @korzdorfer