You would think. But in practice, many companies find remote desktop over VPN to be too slow and clunky for day-to-day use, so they let people keep files locally on their devices. This is especially true for smaller companies, but even large companies can have surprisingly unsophisticated IT departments.

China is a particularly risky location because it's one of the few countries that has the technical resources and know-how to perform state-sponsored industrial espionage -- and it does a pretty good job.