Here I am. Sorry I'm late to the party
I'll start by clarifying some terms so we can further discuss these matters with the appropriate context.
When people refer to "secure" communication, they're typically implying these three distinct features:
Privacy - Preventing third parties from seeing what is being communicated.
Integrity - Assurance that the message received was from the sender and not tampered with in transit
Authentication - Assurance that the sender is who you expect them to be and not an impostor
When providing security for a system, you also need to consider:
In amateur radio, we want to be able to use all of the security features above except for privacy. It's a common misconception in the US that FCC part 97 prevents the use of encryption and therefore most security features aren't available to us. However, what part 97 actually prohibits is "messages encoded for the purpose of obscuring their meaning." It's important to keep this distinction in mind when developing best practices and communicating them to users who may not understand the difference.
We should also try to avoid rat-holing any discussions with debate on whether privacy *should* be allowed as that isn't productive for our goals. It's also likely what contributed to past failures on this subject.
Luckily, many technologies already support these features without privacy which means we don't need to start from scratch. Unfortunately, privacy is the one thing most people think of when it comes to security. Therefore, our use-cases don't tend to be well documented or understood. That's what I hope we get a chance to fix.