Well, the "secret" vs. non-secret is really just symmetric or asymmetric encryption.
In symmetric, the same key is used to encrypt and decrypt; in asymmetric, a public key is used to decrypt data signed by a private key.
We can make asymmetric without having to go the PGP route, but I am not sure if it's really needed. The users still need to protect themselves against a server compromise by using more than 1 service or looking up the data on a block explorer (of course, not everyone will actually do that).
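
An added example, not part of the original comment or the project's code: a Node.js sketch of the trade-off discussed above, using the built-in `crypto` module with Ed25519 as one non-PGP option. The payload strings and source names are constructed for illustration; it shows that a valid signature does not help once the server holding the private key is compromised, while a cross-check against independent sources does.

```javascript
// Added illustration: keys, payloads and source names are constructed.
const crypto = require('node:crypto');

// Symmetric: the same shared key creates and checks the tag.
function hmacTag(key, msg) {
  return crypto.createHmac('sha256', key).update(msg).digest();
}
function hmacVerify(key, msg, tag) {
  const expected = hmacTag(key, msg);
  return expected.length === tag.length && crypto.timingSafeEqual(expected, tag);
}

// Asymmetric (Ed25519): the private key signs, the public key only verifies.
function sign(privateKey, msg) {
  return crypto.sign(null, Buffer.from(msg), privateKey);
}
function verify(publicKey, msg, sig) {
  return crypto.verify(null, Buffer.from(msg), publicKey, sig);
}

// Accept a value only when at least `quorum` independent sources agree on it.
function crossCheck(reports, quorum) {
  const counts = new Map();
  for (const value of Object.values(reports)) {
    counts.set(value, (counts.get(value) || 0) + 1);
  }
  for (const [value, n] of counts) {
    if (n >= quorum) return value;
  }
  return null; // no agreement: treat the data as unverified
}

function demo() {
  const shared = crypto.randomBytes(32);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const honest = 'tx=example-1 confirmations=6';
  const altered = 'tx=example-1 confirmations=0';
  return {
    // Anyone able to check an HMAC tag holds the key that creates one.
    hmacHolderCanTagAnything: hmacVerify(shared, altered, hmacTag(shared, altered)),
    signatureValid: verify(publicKey, honest, sign(privateKey, honest)),
    tamperedRejected: !verify(publicKey, altered, sign(privateKey, honest)),
    // A compromised server still holds the private key, so its data verifies.
    compromisedServerVerifies: verify(publicKey, altered, sign(privateKey, altered)),
    crossChecked: crossCheck(
      { serviceA: altered, serviceB: honest, blockExplorer: honest }, 2),
  };
}
```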