Field encryption standard used

Hello All, 

I've been using Sugar for a couple of months no, currently on enterprise 10.2, and have been looking around for this info, maybe in the wrong areas possibly. We know we can create 'encrypted' field types within studio, but what encryption standard does this use, and just how secure is it? I've seen references to blowfish and MYSQL on some discussion posts, but none that indicate is it truly worth using these field settings as opposed to more global protection practices. My company is considering wanting to store some sensitive data fields within sugar and are curious whether or not this would be a worth while venture. 

Thanks much all.