Also, you only need to encrypt sensitive info, not every message. It wastes vendors' time if they have to decrypt a lot of messages that don't need to be encrypted in the first place.