Sound complicated? It really isn't. It's just a simple byproduct of the internet's standard "referer headers" that allow webmasters to see who is referring traffic to their site. If the referer happens to be a Dropbox file, then a curious webmaster is going to have no trouble accessing that file just as if he was an authorized recipient. Fortunately, there are no reported instances of this happening, and Dropbox says it has already fixed the issue for all newly created documents. As for older files, however, they've been automatically de-shared "until further notice" -- so you might want to follow these steps to create new links for them.