> Yeah, the no validation mode of encrypt-to really does call for > prudence in this specific case If an attacker can control your gpg.conf file, there are so many worse things to do that it's hard for me to take this seriously.