Shouldn’t Forgejo private repositories be encrypted?

No? It doesn't seem to be a use case they target.

If you want to use git to store sensitive data, you should encrypt it before committing / pushing it.