So, it doesn't initially say you have to encrypt it, but that it is encrypted when you send it. Then it says that you can encrypt manually to be extra cautious. I would be pissed if I sent unencrypted after reading this to find it hadn't been encrypted, so I'm gonna encrypt it myself.
Thank you
Yes, I just saw that and suggested to DPR and the other mods/admins that maybe we expand on that and make it more clear, because I know for a fact that vendors still receive unencrypted addresses from buyers .... so my guess is that what they are saying is that it's encrypted on the server so it can't be intercepted, but that if you don't encrypt it to your vendor's key yourself, then it will show up unencrypted when they open your order (which you don't want).
It's best to encrypt it yourself so that ONLY the vendor with the correct PGP key can decrypt it.
I'll give you a recent example. A vendor fell for a scam message and provided his password and PIN to a phishing site. His account was then taken over by whoever ran the phishing site, and that person was able to see all of the vendor's current orders. If any buyer had sent their shipping info WITHOUT encrypting it, then the scammer who was in control of the account would be able to see their shipping info, and that buyer would then have been compromised.
If, on the other hand, the scammer was looking at an order that the buyer had encrypted to the vendor's key, the scammer would not have been able to read / access any of the buyer's personal details because the scammer didn't possess the vendor's public and private keys - even though he was in control of the vendor's SR account.
Hope this makes sense - if you need me to clarify, let me know!