Electrum: Enable (optional) encryption for watch-only wallet files

Another security implication is the possibility for an adversary to spoof addresses editing the watch-only wallet files (and any not encrypted wallet file).
Maybe this should be addressed for any kind of not encrypted wallet file verifying the single addresses against the public master keys when opening a wallet file.

If an adversary has file system access then at that point in time your computer is compromised and it doesn't matter what you do.

The reason whole wallet file encryption was introduced is to prevent people from receiving money to a wallet they can't spend from. With a watch-only wallet even if you know the password there is no guarantee that you can spend from this wallet since the seed is in another wallet file.

So overall I don't agree that this is a feature worth adding.

Do you care to explain how exactly wallet files encryption can protect users from receiving funds to an address they can't spend from?

To get an address to receive bitcoin to you need to open your electrum wallet file. If you have full wallet file encryption you will have to enter a password to decrypt your wallet file first. Only then can you get a receive address. The fact that you entered the correct password also means you can spend from that wallet. Of course it doesn't prevent you from handing out addresses that you have recorded outside the wallet file.

Previously electrum only encrypted the secrets in the wallet i.e. the seed and private keys. This allowed people to view the wallet and get receiving addresses without entering any password. Some people would receive bitcoin to their wallet but when they went to spend it they would be asked the password and they would discover that they didn't know the password. So their funds were stuck in a wallet they couldn't spend from. In most cases they had backed up the seed and could restore their wallet from that. But in cases where they didn't back up the seed their funds were stuck in that wallet forever.

If an adversary has file system access then at that point in time your computer is compromised and it doesn't matter what you do.

This is a little misguided. The assumption that whoever is able to access your watch-only wallet file must have fully compromised your computer is pretty far-fetched. Especially a watch-only wallet might be used on a mobile device (eg a smartphone) or backed up to a thumb drive to allow to monitor incoming (or outgoing) transactions on the go. Protecting your privacy in case of loss of your backup device (or a compromised backup cloud storage) is a legitimate goal.

The reason whole wallet file encryption was introduced is to prevent people from receiving money to a wallet they can't spend from.

I would be surprised to learn this was the sole reason to add wallet encryption. For example, besides privacy, encryption also prevents an attacker from tampering with the wallet. An attack scenario might be adding public keys to the victim's watch-only wallet (assuming an attacker has access) to trick them into believing they received funds that in reality were sent to an attacker-controlled address.

This should now be resolved, due to merging https://github.com/spesmilo/electrum/pull/3346