That is delightful to hear. All other discussions so far ended more like with a reference to the manual like this:
But priority means simply that somebody has to be willing to do the work
Well, encryption is not exactly something “somebody” has to do. We want it to be textbook secure in the end, no? 
But I understand. A more elaborate warning about the thumbnail issue should be added in the settings for the password recovery until this is solved. I can at least provide that, if this is also considered low priority.
Is there some kind of Bug hunting page/mechanism? I would certainly throw in $50 for this feature. Not much but a start. Maybe others would, too.