Sure, all software tends to have bugs and using multiple layers of security is a defense against this. But the assumption of bugs is not a logical foundation for a discussion of the design. Sure, if it's practical Alpine should deploy SSL. I'm just dispelling the idea that the PGP-based approach is insecure.