Version: 7.2.0.4 (x64) / LibreOffice Community
Build ID: 9a9c6381e3f7a62afc1329bd359cc48accb6435b
CPU threads: 8; OS: Windows 10.0 Build 19043; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: threaded

Note: Likely applies to all LO major modules having word dictionary features on all LO-supported OS platforms.

On Windows at least, LO keeps user-defined word dictionaries and user incremental additions to LO standard dictionaries (such as standard.dic) in the directory Users\<username>\AppData\Roaming\LibreOffice\4\user\wordbook as *.dic plaintext files that are viewable/edititable with any *.txt capable tool.

From within an open LO doc (tested with Writer) that is configured for default LO encryption (not PGP, etc.) and requiring a password to open, adding a word to a language dictionary such as by habitual right-click context menu on a red squiggle alert in the doc text results in that entry appearing in plain text in one of the un-encrypted plaintext *.dic files noted above.

https://help.libreoffice.org/7.2/en-US/text/shared/guide/protection.html?DbPAR=SHARED#bm_id3150620 on protecting docs (or portions thereof) with passwords and LO encryption has a warning "Information entered in File - Properties is not encrypted. This includes the name of the author, creation date, word and character counts." but is silent regards Add To Dictionary actions resulting in un-protected data.

STEPS TO REPRODUCE:

1) In the appropriate user home sub-directory for the OS platform where LO keeps user-specific app data infrastructure files, examine the user-specific *.dic files (standard and user created). On Windows these are plaintext.

2) Create a Writer document (or other LO doc where word dictionary is a feature) and configure it for default LO encryption then save it with a password.  We declare the doc to be "encrypted".

2) Open the encrypted doc or just continue from step 2 after the encrypting save.  Create a test word such as TestDictEncrypt.  Add that test word to a standard or a user-created dictionary.

3) For completeness, close the encrypted doc.

4) Re-examine the *.dic files for the presence of the test word in plaintext.

5) If the test word is found plaintext, it has now leaked from the encrypted context.

The security issue here is that adding a word to a dictionary, especially user created dictionaries, is a habitual, muscle-memory action for users.  A user could perform this action then immediately forget that they did.  The LO UI does not by default add a work effort step to warn the user they are exporting data plaintext from the encrypted context of an open encrypted doc.  Nor, via Tools->Options->Security does the UI provide a way to prevent insecure Add to Dictionary or enable a work effort warning if to be allowed.

Now, the same could be said for Copy to (system) Clipboard however I suggest that action is somewhat more obvious in what it is doing whereas Add to Dictionary is opaque in how it is implemented.

I suggest Help should be updated immediately concerning insecure Add to Dictionary.  

I suggest until a secure Add to Dictionary function is in place (if ever) that by default actions that export data from an open encrypted doc should have work effort warnings managed via Tools->Options->Security.

I suggest that since each encrypted doc should be its own encryption security pocket universe, then a model for dictionary management would extend the exiting merge model (user additions to standard.dic are kept local but act as merged with LO-system wide standard.dic to the user, user-created dictionaries are just local only) to merge again with ".dic file" objects maintained as additional meta-data within the encrypted portion of each encrypted doc file.  The effect is that of doc-file specific dictionaries (or dictionary increments for merge). Help would then need to be updated to explain this model.

Regards.