ryan thanks alot for the info.

robert. are you referring to the package protection level?

when we are in development we EncryptSensitiveWithUserKey enabling each developer to do their own thing while working locally. when we put our packages to DEV or UAT or PROD environments we EncryptSensitiveWithPassword with a strong common password.

this might have some useful info: http://msdn.microsoft.com/en-us/library/ms141747.aspx