This post from the Washington Post blog Security Fix discusses Google's continued failure to make encryption a default setting for many of the Google Apps products:

At issue is whether Google is doing enough to block hackers from hijacking a user's Webmail account or intercepting information from online documents. An increasing number of free, publicly available tools may make it simple for even novice hackers to launch such attacks.  

As we've noted before, Gmail users can turn on a setting that automatically encrypts Gmail.  However, this option isn't available for Google Docs or Google Calendar, and even if it were, relying on the user to change the default setting isn't good security policy.

[Thanks to Molly French for the article.]