I guess since you encrypt the whole sqlite db that means you can still offer indexing and FTS while remaining encrypted. But, the application would still have the encryption key in memory. So this protects against an attacker/bad-actor that can access the FS but not if they could access the memory space of the application serving mail items. Is that right?