they should always be encrypted wth. i've seen this and constantly scratching my head "why isn't this using an application specific data wrapper with encryption?"
Definitely, or even obfuscated with a derived key. It would be nice if signers came with a 'derive' method so that apps could request derived keys. Of course, this is nuanced and would require the user to set some policies, but in general terms, I think it could be interesting for obfuscation.
1