I would definitely use HTTPS, but that's not really what I had in mind. When I said I wouldn't use encryption I was thinking specifically about PKI stuff like PGP, precisely because like you say, it sucks to use it. Badly enough that I think it would make you stick out and receive additional scrutiny if you did.