2048 bit PGP keys will be resistant to brute force attacks for a few decades, so the only sense in which PGP is "false" security is that you would turn over your clients' info when you got a knock on the door. Thanks for the heads up, at least.