Use old program API for the encryption program. Old API passes the key as the command line argument to the program which is insecure. Users should upgrade their encryption programs to the new API, which write the key as the first line, and the text to be encrypted afterwards.
See Also: set/encrypt_program