Because saying it like that sounds like they are merely using buzzwords instead of clearly stating why their system is secure. To me it seemed that the intended result for the user was to think:
Our algorithm to hash folders produces hashes 160bits long. Which means that 2^160 -1 different folders can be securely hashed!
Of course they didn't say what they meant with 'secure' either. Will two folders that are both very big, and only differ with 1 bit produce the same hash yes or no? Is it possible to reverse this hash easily? Can it be brute forced? That kind of stuff...
Having said that, it does appear that this post was aimed at non-technical users. So perhaps it's not a bad way to rebut the claims about leaky security.
The hashes cannot be used to obtain access to the folder; it is just a way to discover the IP addresses of devices with the same folder. Hashes also cannot be guessed; it is a 160 bit number, which means that it is cryptographically impossible to guess the hash of a specific folder.
That is, you can only know the hash of a specific folder if
a. You have that folder
b. Someone told you the hash
This follows from using any reasonable hashing algorithm, such as SHA-1.
Furthermore, because the range of the hash is sufficiently large the chance that you can, guessing randomly, find a valid folder is quite small.
There are 2^160 ~= 1.46 x 10^48 possible hashes.
Given that the probability of guessing a random folder is (number of folders hashed) / (number of possible hashes), and assuming that there are fewer than 10^8 folders that have been hashed, the chance of randomly finding any folder is less than 1 in 10^40.
"super cryptographically secure 160bit secret folders!"
While they should have gone for:
Our algorithm to hash folders produces hashes 160bits long. Which means that 2^160 -1 different folders can be securely hashed!
Of course they didn't say what they meant with 'secure' either. Will two folders that are both very big, and only differ with 1 bit produce the same hash yes or no? Is it possible to reverse this hash easily? Can it be brute forced? That kind of stuff...
Having said that, it does appear that this post was aimed at non-technical users. So perhaps it's not a bad way to rebut the claims about leaky security.
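Two of the questions raised in the thread (does a one-bit difference between large inputs change the hash, and how likely is a random guess to hit a shared folder) can be checked directly. The following is an added example, not part of any post above; it assumes SHA-1 as the 160-bit hash, uniformly distributed hashes, and the 10^8 folder count from the estimate, and the guess rate is a hypothetical parameter.

```python
import hashlib
from fractions import Fraction

HASH_BITS = 160  # SHA-1 output size, the 160-bit figure discussed in the thread


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def one_bit_flip_distance(size: int = 1 << 20) -> int:
    """Hash two large constructed inputs that differ in exactly one bit."""
    original = bytes(size)            # constructed sample: 1 MiB of zero bytes
    flipped = bytearray(original)
    flipped[size // 2] ^= 0x01        # flip a single bit in the middle
    return bit_difference(
        hashlib.sha1(original).digest(),
        hashlib.sha1(bytes(flipped)).digest(),
    )


def hit_probability_bound(folders: int, guesses: int) -> Fraction:
    """Union bound on P(at least one of `guesses` random values is a live hash)."""
    return min(Fraction(1), Fraction(folders * guesses, 2 ** HASH_BITS))


def years_to_expected_hit(folders: int, guesses_per_second: int) -> float:
    """Expected time until a random guess matches any of `folders` hashes."""
    expected_guesses = Fraction(2 ** HASH_BITS, folders)
    seconds = expected_guesses / guesses_per_second
    return float(seconds / (365 * 24 * 3600))


if __name__ == "__main__":
    folders = 10 ** 8                 # upper bound assumed in the thread
    rate = 10 ** 12                   # hypothetical guesses per second
    print("digest bits changed by a 1-bit flip:", one_bit_flip_distance())
    print("P(single guess hits a folder) <=",
          float(hit_probability_bound(folders, 1)))
    print("expected years to first hit at", rate, "guesses/s:",
          years_to_expected_hit(folders, rate))
```

Roughly half of the 160 digest bits change for a one-bit input difference, and the exact fraction arithmetic avoids floating-point rounding when comparing against the 1 in 10^40 bound.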