yes OTP is not possible to do securely in the context of vendor customer communications on SR. It is great if you have face to face ability to share a huge amount of true randomness with somebody you need to securely get messages back from in the future though.