@mttaggart IMO the last paragraph is pretty straightforward: there will be a blob on your disk encrypted with some secret. Ideally this secret is not derived from the user's password because we know how hard to crack those are...
What bothers me - aside this being a ~local keylogger built-in - is in fact a slippery slope argument: "Recall is a key part of what makes Copilot+ PCs special" which implies that they plan to build additional features on it (I expect cloud sync across devices for example) which will open the attack surface significantly.