I just did a default installation of PGP 8 for Jaguar, and noticed something rather disturbing. Though it's not really a critical issue, it's something that I think every seriously security-conscious PGP user should do something about.
PGPKeys puts your private keyring, by default, in ~/Documents/PGP/ and sets the folder permissions to drwxrwxr-x, which essentially means anyone who has access to your system can grab your private keyring, or replace it with a spoofed one! To make matters worse, if you have symlinks from your web folder to all over the place (to share movies, photos, whatever), you may have accidentally given web access to it as well.
To rectify this, I changed the folder (put it in ~/) and set the permissions to drwx------ (and also applied it to the key ring files themselves).
Someone with SSH or unchrooted FTP access can see everything if you're not careful.
Anyway, it strikes me as pretty silly that the PGP installer doesn't take care of that...I think they're gonna get an email from me tonight.
If I get seriously paranoid, I can always put my private keyring on my USB flash drive (see sig), which actually seems like an ideal place...
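
The check and fix described in the post, as an added shell example that is not part of the original post or of PGP itself: it lists keyring entries that group or others can access, tightens them to owner-only, and finds web-folder symlinks that lead to the key folder. The paths in the comments (~/Documents/PGP as key folder, ~/Sites as web folder) and the function names are assumptions; files are set to 600 rather than 700 because keyrings need no execute bit.

```shell
#!/bin/sh
# Added example: audit a PGP keyring folder for the exposure described above.
# Example paths (assumptions): key folder ~/Documents/PGP, web folder ~/Sites.

# Print entries under key folder $1 that group or others can read, write or enter.
loose_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Owner-only access: drwx------ on directories, -rw------- on files.
lock_down() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Print symlinks under web folder $2 that expose key folder $1.
links_into() {
    key=$(cd "$1" && pwd -P) || return 1
    find "$2" -type l | while IFS= read -r link; do
        if [ -d "$link" ]; then
            # Directory link: exposed if it resolves to, inside or above the folder.
            dest=$(cd "$link" && pwd -P) || continue
            case "$key/" in "${dest%/}"/*) echo "$link"; continue ;; esac
            case "$dest/" in "$key"/*) echo "$link" ;; esac
        else
            # File link: same device and inode as a file in the key folder.
            find "$key" -type f | while IFS= read -r f; do
                if [ "$link" -ef "$f" ]; then echo "$link"; break; fi
            done
        fi
    done
}

# Report only when run as: sh audit.sh KEYDIR WEBDIR (lock_down is a separate step).
if [ "$#" -eq 2 ]; then
    loose_entries "$1"
    links_into "$1" "$2"
fi
```

Run the report first, remove or retarget any symlink it prints, then call `lock_down` on the key folder.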