That doesn't contradict what I wrote, though. As far as I know, Blowfish hasn't been broken, and while it's theoretically less secure than its successors, it's still a valid choice if you want to use Vim's built-in encryption, which only supports pkzip and blowfish.