After some internal discussion, we have decided that, if we abstract encryption, it’ll happen at the account contract and not the application (which still has the power to ignore the account and go with whatever scheme it wants though).
We’re leaning towards abstracting encryption, mostly because we want to abstract note tagging as well, and using precompiles as a mitigation to the security issue: account contracts would somehow signal (eg via metadata) which precompiles it uses for encryption and tagging. Also, it’s possible we’d need some precompiles that do not actually perform encryption but rather delegate it to other addresses: eg in the case of a multi-sig contract, we may want to encrypt once for each participant, using each of their preferred method.