Auto-encrypt is not preferable for all the reasons listed in OP's post. I'd like it to be disabled, but I'm not sure you can force all or most DNM users to go through with it. On the upside, you need to encrypt the address only once per vendor used and paste that same cipher-text again when ordering.
Risks:
Expert info: you can check what is in a public key block or message with gpg --list-packets or pgpdump -impl