signing & encrypting

Aurelio Turco
Thu May 16 14:01:02 2002

In the FAQ it says:

  There is a small security glitch in the OpenPGP (and therefore GnuPG)
  system; to avoid this you should always sign and encrypt a message
  instead of only encrypting it.

Can someone provide a one or two sentence explanation as to what this
glitch might be?

If one is to both sign and encrypt a message, would I be correct in
saying that one should encrypt before signing?

Does the order in which --sign and --encrypt are specified on the gpg
command line make a difference to the order in which the corresponding
operations are done?

Any help would be much appreciated.