Hi Joost,
The only thing on that, is doc variables don't get encrypted either. They are still stored in the document (in plain text) for all to see. If you define a variable named "Foo" with a value of "Bar" then password protect and encrypt the document (and the vba project) it will still look like this in Notepad:
 Foo ?  Bar
So even if you do go that route, you will still want to obfuscate the value for storage to defeat the "notepad attack"


Edit:
Although as someone who spends their time in Access, Excel & Outlook, I was totally unaware that of the Document.Variables collection. I'm really glad to know about it. That would totally useful for storing persistent values without using the registry. And the fact that they stay in the document is even better then the reg (IMO) because the data can go with the document instead of being lost between computers.