Reader Thomas noted that Acrobat Professional can also “undo” basic security that may have been applied to a PDF document (although digital signatures would be more difficult).
This is true, and raises a more general point: what levels of security are required for different types of threat. On the one end you have targeted theft of corporate secrets. On the other end, you have the situation where law firms do not want to send out zip files because clients won’t know how to deal with them.
Basically, there are three kinds of threats: (1) general curiosity - “I wonder what’s in this file?” and employee hostility (“I’m going to quit tomorrow and want to see how much damage I can do”; (2) random hackers that are just trolling the web; and (3) targeted maliciousness by extremely savvy people.
From the security point of view, there is the principle that higher levels of security require more work by the user. How many people actually secure their email using PGP, for example? By and large it’s “too much work.”
Basic security - whether PDF files or the “security” of the built-in password function in Word or WordPerfect, is very primitive. Commercial and even freeware products are available to break these passwords. Of course, this implies forethought - you have to make the effort to obtain one of these products. Basic security therefore is intended to deter only casual and/or not very knowledgeable people. Unless you are working on high-profile, high-dollar cases, basic protection is probably adequate in most cases.