I don't know if that has been discussed already, but I just noticed when testing the 0.13 rc1 that when I first create a wallet, the first 100 private keys are written to the wallet, then when I encrypt the wallet with a passphrase the same 100 private keys are re-used even though they have already been written unencrypted to the disk.

In previous releases we were careful when encrypting the wallet to discard any keys that had been written unencrypted, so it seems like we may be introducing a security hole with this HD wallet change.

Edit: I'm sorry, none of that is true. The keypool is discarded upon encryption, but the same HD seed is used after encryption.

Maybe the best way to fix this would be to create a new HD seed when encrypting the wallet. Because the HD seed itself has been written to disk when the wallet was created, and so we cannot safely continue using it once the wallet is encrypted.