Correct, but with everything in plaintext one just needs to read a file stored somewhere in a database. With encryption, one needs to perform an active attack.