I guess there might be a privacy element involved with such caching if the extra information involved remains even after the last instance of the data was removed from Dropbox servers. But seriously, practically, what is the privacy leak in this case? The most devious use case I can think of is some corporation querying Dropbox for all possible files they own to see if it was ever uploaded... and even then it does not reveal who has the file. Hell, technically said corporation would probably be liable for stuff like reverse engineering the Dropbox protocols and whatnot, so it would legally be unusable information.
I use almost the exact same technique for JottiQ. Jotti's malware scan has an internal database of files it has already scanned, which allows me to avoid uploading a file a second time.
So, in a nutshell: I am willing to share some file with the service (Jotti / Dropbox), so I would be sharing the private information I worry about with the service to begin with. Thus the service obtains no private information it wouldn't have without such an optimization.
That make sense?