Craig,
Where do they have the unencrypted source to verify what the SP is doing? But maybe it's not to big an issue since they don't seem to be all that well encrypted.
>It does happen because it did with one of our customers. Unencrypted SPs will not pass their security audit.