When a secure bug is modified, I'm getting an e-mail where body looks like plain text PGP (at least claws-mail treats it so). I guess it misses some kind of mail header indicating use of encryption.
Looks like we don't do secure bugs anymore.