If the vendor is compromised, then PGP encrypting your address doesn't matter, because LE has the private key and the vendor most likely gave them the password. PGP encryption only protects your private info in the event that the SR server is compromised.