Dear CoderBoy,
Here is the initial feedback on this from the development team:
I appreciate the back-and-forth described here. CoderBoy obviously has a good reason for wanting improved data security on the extensible storage data, but as you found in the conversation, it's definitely not simple. When EStorage was introduced we wanted to ensure that the owner of the model maintained control of their data in the model. So even with a secure solution that could not be read (short of duplicating/spoofing to be a different add-in) deleting the data was still possible, because the owner of the data might decide to stop using an add-in and want to clean the data, including data on any of their design elements, as a result.
At the time, we didn't have the DataStorage element. But there's still a potential problem with locking this element, if the user opts to no longer use the add-in that created the data.
The idea of a private key that is not the vendor id/application id combo might be more approachable, but deletion of the data may need to remain possible, unless there is another option we can come up with. It is complicated and would require a lot of attention. Currently this is not likely to become a priority for the near term as I don't believe we've ever had a developer feedback looking for this higher level of security.
Cheers,
Jeremy