MailCrypt plugin questions

I read the mailcrypt plugin document on the wiki and had couple questions.

1. If I want per-user encryption am I correct I should configure global keys with all related settings override in the userdb lookup?

2. If I do not want to encrypt some user accounts, is it enough to omit the mail_crypt_global_private_key from the userdb lookup? In other word, mail_plugins still active with mail_crypt, will that cause user account to be encrypted unexpectedly if no private key is given?

3. Example command to create EC key does not ask for password, openssl ecparam command does not seem to have password arg. If I want password-protection should I use RSA key which the doc tell to be discouraged?