> It could be. Any idea on how the security plug-in could get
> the decrypt key?

There could be a standard key defined in the default security plug-in for
general use, *if* users wanted to overwrite this then they could provide a
new security plug-in with a new key or add a new chained plug-in which
overrides default behaviour by providing a new key.

Rgds

Si Carter
TECT Software Ltd
http://www.tectsoft.net/