[aidenn0]

If a copy is physically protected (probably good to have one that is) then it could potentially be unencrypted. Restic won't let you have unencrypted backups (a reasonable design decision to prevent accidentally unencrypted backups), but Borg will.

I also keep my important passwords written down on a piece of paper in a fire safe. This includes my borg and tarsnap keys.

[1letterunixname]

Encryption is an layer to prevent disclosure in cases where offsite vaulting fails to keep data confidential. Backup passwords can be split amongst trusted individuals (N-person keying) so that no one person can access contents themselves, but there is no point of failure when multiple people with the same part of the password.