That's not true. If the file is encrypted using a password that must be given to the script by the user when the script is started up, then the password information is stored only in RAM, not in any place someone reading the script or the rules files can get to as easily. I'm sure it's possible to find it in the RAM, but I think a password approach manages the risk of a more casual reader getting at the file quite well. If the script is such that it must be started and stopped frequently (like a non mod_perl CGI), then this approach becomes less attractive.