One pundit brought up the old problem that security and encryption have generally been add-on afterthoughts, and opined that from now on encryption should be the default. OK, cool--though there might be a few gotchas with unpacking things later if the file undergoes a little bit rot. At least in theory it should be possible to ship email around with public key encryption, handle payments with the same key, and generally be able to identify yourself with the same password everywhere. It makes life a little simpler, no?
At some point the secret part of the key has to be validated. There are ways to manage chains of trusted keys. But I wonder about the round-trip for validating a password. What sort of metadata can you collect? Financial transaction information wouldn't be part of the query, only who you were dealing with.