Question about L2F tunnels

["Michele M. Jordan" <mjordan () gestalttechnology com>]

Okay, I had a major provider who is doing Access VPNs tell a customer this:

    It is their
    statement that encryption is not necessary since it is not leaving the <provider's>
    network.  The tunnel will provide the necessary security is their position.
    I then asked her if security wasn't necessary, then why do we need the
    tunnel?  She said to that: "well the tunnel provides the necessary security,
    so encryption isn't necessary since it is going from router to router and
    that's the only connection that is possible.

This is financial data via a dial-up to a provider pop, provider
forwards an L2F tunnel request to my customer, my customer
accepts the tunnel request, authenticates via remote Radius, and then
initiates the tunnel.  If we did do encryption, it would need to be from
the provider pop to my customer's router.

I think encryption is necessary, what do you think?

-Michele