Encryption–protection from deliberate attack
You will find that most of the financial institutions are using passwords based on your PAN, name, address or account number. None of these are particularly confidential. This protection will guard against accidental exposure, e.g., the statements going to the wrong email ID. However, if your accounts were compromised, these documents will not be safe. Even brute force attacks on documents with such passwords are not difficult.
If the financial institutions were serious about security concerns, they should have offered you the option of using GPG private/public key encryption. You would upload your public key to their site or, better still, it could be a part of the KYC (know your customer) infrastructure. Each document they send you would be encrypted by your public key. Unless you lost your private key, the chances of your documents being compromised even if your email account was compromised, would be remote.
It is a nuisance to keep track of which type of password is used by which organisation, every time you receive a document. And if I want to keep a decrypted version of the PDF document on my desktop, the easiest way for me is to print the password protected PDF document to a PDF file!
On the other hand, it is not difficult to use GPG encryption on KDE and GNOME desktops now. You can experiment with them. Here is a sample KDE session.