- I am assuming that the encryption (private) keys for the users are stored on the server. Is that a correct assumption?

- I also read that if a user forgets their passphrase, that it can be re-generated with the recovery agent. How does this work? I mean, it seems like a potential security weak link, no?

- The file names are not encrypted, from what I can tell. Is it possible to encrypt them as well?