Fair enough. I think it would be a good idea to put some of your explanation in the module documentation. If someone grabs your module off the shelf, they shouldn't have to work out the security implications for themselves.

Getting rid of eval is good. Even if I'm being careful not to execute bad code, the old system gave it an easy place to hide where I might not notice it.

Adding built-in support for #3 and using different crypto algorithms would be good ideas for future enhancements.