Encrypted properties containing data that needs xml escaping (eg a database password containing '&') are encryped in escaped form but decryption uses them directly. Encrypted properties do not need xml escaping.

Eg:
1. Install an mysql connection with the password 'pass&word'; password is saved as pass&word in properties.xml
2. Launch openfire
-> mysql connection is established correctly and password is now stored in encrypted form.
4. Restart openfire
5. Openfire startup fails due to incorrect database password (pass&word) is used.