Hi
Thank you for raising this issue!
Yes. It's intentional. As you feel confused about this part, I think we need to add explanation for this party. :)
How we protect data used in PPML workload?
If existing file systems don't support Transparent Encryption, we need to encrypted data before feed them to PPML workload. Meanwhile, we will have to add more settings, such as key configurations (we protect models in this way), access control etc for safety. That's a bit far away from our main idea.
Have a nice day!
Qiyuan