I am trying to test encryption for MobileOrg via a beta from Richard.
(We're still playing the 'convince itunes to let you run code on your
own phone game', so this report is preliminary about what Org itself is
doing.)

I have in .emacs-local.el:

(setq org-mobile-use-encryption t)
(setq org-mobile-encryption-password "mypasswd")

and I did org-mobile-push.  I found that there was an old agendas.org
that was not encrypted, and it seems that org-mobile-push omits
agendas.org if org-mobile-use-encryption is t, but still creates it when
nil.

checksums.dat is in cleartext.  This seems ok, but could be a missed
opportunity for some integrity protection.

index.org is in cleartext.  The list of file names is of course in the
webdav area, and that seems not a big deal, but it also contains the
TODO keyword plan, priority tag list, etc.


I'm not sure this level of paranoia is warranted, but typical encrypting
filesystems also encrypt the filenames.  It probably suffices to just
warn the user that the filenames of org files will still be exposed in
the DAV area.