It doesn't bother me that it isn't open source per se, but what does bother me (and the reason I don't and wouldn't use it) is that I have no way of independently verifying that their security measures are adequate. I would never trust sensitive data to a third party provider unless at a minimum they had undergone a security audit by an independent third party. As far as I can tell, dropbox hasn't.