LP is allowing us to export the account data into CSV, FF and LP Encrypted file. I don't have any problem with LP encrypted file. I feel LP shouldn't allow users to export data as a simple 'csv' without prompting for any encryption or password. It defeats the whole purpose of security implementation.
To cover end-to-end security, please don't allow users to save it to a flat file without any protection. I suggest you can accept encryption key and create a 'encrypted' csv and FF files. If a password breach happens because of such files, the whole effort of LP is gone. Please incorporate this additional step of exporting the data safely .
At present, i am taking extra step at my side using 'Trucrypt' and saving the 'csv' files in secured way.
It is dangerous to leave such csv files in laptops unencrypted thinking users should take care of it. There are lazy and ignorant guys out there