It looks like another case where the user "secured from himself", because there can be no distinction between a search engine set willingly and covertly, unless they make it possible for the engine URL to be enterable via the GUI, and then encrypt it. But I guess that is not acceptable, because copying and seeing the URL is considered too complex for the user. I'd still see that method as unnecessary "secure" for a simple search engine, because if there is unwanted software writing to my configuration files running on my computer, setting the search engine is the least of my concerns. The only "safe" solution appears to be a set of search engines set by the authors.