> it's a fact, so why hide it? > > There are lots of 'facts' you don't need to know about. <snip> I agree. Users don't need to know that GNUpg is POSIX, or most other technical facts about the software. But since GNUpg is exclusively about privacy and security, a user _should_ be told of the insecure memory issue as it directly affects their privacy and security.