Responded to @janboddez:
@janboddez There are a few individuals and companies who are batch-submitting “vulnerability reports” that rely on DB read access. Plugins storing any kind of secrets in WP options are all targeted.
I do understand the benefits of encrypting those secrets but that would require asking site owners to update wp-config.php which is the only “safe” place to store secrets in WP. Imagine each plugin asking for its own constant…