the password length was part of the issue, but one where I need help with is them saying: "Widely accepted by cryptographers as a more secure solution than AES/Rijndael"
The part I'm more concerned about is that they turn off encryption completely for free accounts, which implies the existence of some kind of remotely-controllable "encryption killswitch"