Hi YS,

As far as I'm aware, the contents of a password-protected ZIP files are always encrypted... but maybe not the way you are expecting:

• a ZIP file is a container that holds other files and folders inside (in a compressed format)
• password-protected ZIP files encrypt individual files inside, but the container itself is not encrypted, allowing access to the list of files themselves along with their metadata and potentially even allowing a malicious agent to replace files undetected.

That being said, this is general of all ZIP files (regardless of the applications or components that generate or manipulate them).

Do note that the component's documentation explicitly mentions this:

"Password - optional password for protecting the ZIP archive. If you specify a password, the password is needed to extract a file from the archive. Note that regardless of whether a password is specified, the file names are always visible (e.g. in Windows), so it's not a full protection."