Audit and/or remove encryption #694

@tarcieri


The encryption code (particularly in src/blowfish.c) is absolutely horrid, broken, unaudited, and written by people who don't know what they're doing.

This patch attempts to switch vim from one block cipher mode of operation (CFB) to what the author claims is OFB, because the author claims the code didn't match the documentation, so he changed the code rather than the documentation:

http://permalink.gmane.org/gmane.editors.vim.devel/44650

However, it's feeding the plaintext, not the ciphertext, into the next block. I'd step you through the maze of crazy macros that makes this happen, but then I'd probably have to stab my own eyes out with a fork.

At best, this is just broken. At worst it's a bugdoor. It's the kind of code that might make for a fun problem in a cryptanalysis challenge.

I would suggest burning all of the encryption code to the ground unless someone is going to step up and try to fix it.
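An added example, not part of the original issue and not Vim's code: a check that tells CFB, OFB and the plaintext-feedback wiring described above apart by how far a one-bit ciphertext change spreads on decryption. All three round-trip cleanly, so an encrypt-then-decrypt test does not catch the mix-up. The names `E`, `mode_crypt` and `damaged_blocks`, the key, IV and plaintext are constructed for illustration, and a 64-bit mixer stands in for Blowfish with full-block feedback assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the block cipher: an invertible keyed 64-bit mixer.
 * NOT Blowfish and NOT secure; only the feedback wiring matters here. */
static uint64_t E(uint64_t k, uint64_t x) {
    x ^= k;
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

enum fb_mode { CFB, OFB, PLAINTEXT_FB };

/* One routine for both directions; only the value fed back differs per mode. */
static void mode_crypt(enum fb_mode m, int decrypt, uint64_t k, uint64_t iv,
                       const uint64_t *in, uint64_t *out, size_t n) {
    uint64_t fb = iv;
    for (size_t i = 0; i < n; i++) {
        uint64_t ks = E(k, fb);                 /* keystream block */
        out[i] = in[i] ^ ks;
        uint64_t pt = decrypt ? out[i] : in[i];
        uint64_t ct = decrypt ? in[i] : out[i];
        fb = (m == CFB) ? ct : (m == OFB) ? ks : pt;
    }
}

#define NBLK 6
/* Encrypt constructed plaintext, XOR `flip` into ciphertext block 1, decrypt,
 * and count the plaintext blocks that come back wrong (flip = 0: round trip). */
int damaged_blocks(enum fb_mode m, uint64_t flip) {
    const uint64_t k = 0x0123456789abcdefULL, iv = 0x1122334455667788ULL;
    uint64_t pt[NBLK] = {1, 2, 3, 4, 5, 6}, ct[NBLK], out[NBLK];
    int bad = 0;
    mode_crypt(m, 0, k, iv, pt, ct, NBLK);
    ct[1] ^= flip;
    mode_crypt(m, 1, k, iv, ct, out, NBLK);
    for (size_t i = 0; i < NBLK; i++) bad += (out[i] != pt[i]);
    return bad;
}

int main(void) {
    /* OFB damages 1 block, CFB 2, plaintext feedback every block from 1 on. */
    printf("OFB=%d CFB=%d PFB=%d\n", damaged_blocks(OFB, 1),
           damaged_blocks(CFB, 1), damaged_blocks(PLAINTEXT_FB, 1));
    return 0;
}
```

A conformance test built this way fails as soon as the code and the documented mode disagree, whichever of the two is wrong.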

Labels: compatibility (compatibility with Vim or older Neovim), security (security or privacy implications)
