All DBinbox traffic is encrypted with SSL through HTTPS. User accounts and sign-ins are protected with the open source Rails Devise gem, which hashes and salts user passwords (why is that important?).
Credit card transactions are handled through Stripe, which is certified to PCI Service Provider Level 1. Credit card information is never seen by the DBinbox servers. Even in the extremely unlikely event of a full database breach, user credit card data would remain safe.
Files are transferred from the user through an encrypted connection to Amazon's S3, then passed through another encrypted connection to the DBinbox servers, which send them to Dropbox's servers through a final encrypted connection. At rest in Dropbox is arguably the least secure place your files are through the process.
There are plans to implement a "Secure Uploads" plan in the first quarter of 2015. Users subscribed to this plan will have access to end-to-end encryption of all files transferred. Once implemented, even if the NSA were to subpoena DBinbox, Dropbox, or Amazon, the transferred data would be unrecoverable without the uploader-supplied password.