I can't answer all your questions, but I can confirm that data is written to a temp file on the client machine. The data is probably not encrypted unless the data is first encrypted (I think you can do this with a plug in...) in the actual database file.
As opposed to the that time when you would wroie it on a piece of paper, and leave it outside in a metal box for a couple of days. And then, handled by 47 people across 7 states later, someone left it lying on the lobby floor of your apartment block while you were on holiday for two weeks? Or the time that anyone who could slide a filing cabinet drawer open could read it, photo-copy it in the coffee-break, and...?
Oh, if only the Jobs-Worths could get things in perspective...
I still wouldn't want a tech savvy person to steal my identity by finding and parsing out data from a temp file. In some parts, this documenting the steps taken to protect personal info is now a legal requirement.