Just a random failscript we stumbled across:
$random_key = get_option('XXXXX_random_code');
$output = "\n".stripslashes($cart_item_name)." - ".$script_location.'download.php?file='.rawurlencode(base64_encode(RC4Crypt::encrypt($random_key,$download)));
I vote for removing crypto primitives from PHP altogether. Oh wait, people would just code up their own ROT26 then and use CRC for hashing. Nevermind. Maybe also remove the xor operator then?