When StuffIt encrypts, it leaves the file and folder names in the
encrypted archive visible. This is probably OK for most applications,
but it is a security hole. Descriptive names could reveal a lot by
themselves, and provide a determined cracker with a shopping list to
prioritize further efforts.

It's possible to encrypt an encrypted file to hide the names in the
archive, but that is clumsy. Is there some way to achieve that effect
with StuffIt in one pass?