I think that filtering out the .sync directory is not enough (it's a good step but not enough). Suppose it is possible to copy sombody else's .sync directory, is it possible to use it to get hold of all his data? If the secrets are not tied to the host, then any virus/troian could just deliver a copy of it to somebody else and the data would be available to them.