Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious. This is a good think to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.