But once the protocol is published, it won't be the only client. Other clients will also have to make encryption decisions.

I agree, this would be the best action for both the user and host. I'd add a check on the host to make sure the data looks random as well to protect against rouge or malfunctioning clients that attempts to store plain text. Encryption must be mandatory and enforced, this will prevent so much pain for all parties.

'looks random' is a pretty bad idea. It will bogusly fire on random files and won't prevent people from just standardizing on a key of 0.