Vernon was told by his insurance company that they would be sending him documents via email, and the first two times, he didn't receive it. The third time they sent it, it arrived. They told him the document was encrypted, but he could put anything in the password field to open it. He's now concerned that his personal information could be out in the wild.
Leo says that they should be using second factor authentication to do this, and it sounds like they just don't understand encryption. Many companies use DocuSign for this type of thing. The company does have a tech note on how they do this.