Caution!  The application source code calling the AES_ENCRYPT_VARCHAR or AES_DECRYPT_VARCHAR functions should be secured because the passphrase is visible in the call.

Caution!  The SET SESSION_TRACE command logs SQL statement text, which includes the passphrase. This command is limited to users with TRACE privilege and is written to a file owned by the installation owner, but session tracing should be used with caution if the encrypt and decrypt functions are in use.