The method used by Ghost to password-protect images is cryptographically weak to the point where it can't really be called encryption; setting a password does obfuscate all the data in the image but the level of protection provided for it is only against casual inspection, and will not stand up against any kind of determined attacker. At best, the -pwd switch should be considered as being only a weak form of access control.