kgpg editor insecure?

I happened to run kgpg from the CLI in a konsole, and then used its editor to open an encrypted file.
What I then noticed was that as I typed stuff in the editor, the characters were appearing in the konsole (numeric encoding), e.g. 65 for ‘a’, 66 for ‘b’ etc.
They seemed to go to stderr.

This seems a bit insecure for an application commonly used for storing stuff securely in encrypted files!

Should I be avoiding kgpg? Are there better, more secure tools for encrypting files?

That’s actually kdelibs4’s fault. It contains a debug statement in ktextedit that outputs every pressed key to stderr.
The same happens, e.g., when you rename a file in dolphin.

It has been fixed recently with the following commit:
https://quickgit.kde.org/?p=kdelibs.git&a=commit&h=150d983674e9d61e2809316e062e5d91c7855609

If you think we should fix this in openSUSE 13.2 as well, please file a bug report.

See also: https://forum.kde.org/viewtopic.php?f=223&t=127144