SharePoint and AD-RMS: why documents are stored in Plain Text

Documents are stored in Plain Text at SharePoint level.  When a user uploads a document to a documents library, if the document is already protected, then it is decrypted and saved in sharepoint. If not it is directly stored in the documents library.

When a user uploads the document that is stored in a protected library, then the document gets encrypted at AD-RMS level, decrypted if the user has the corresponding permissions, not decrypted otherwise.

 SharePoint Foundation performs its standard processing, such as synching document metadata, that’s why the document Is stored in plain text.

More details: https://msdn.microsoft.com/en-us/library/ms416939.aspx