I don't know much about performance, or save-files. But you shouldn't really worry about encryption. If the player want's to edit their save file, allow them. Its their fault if the screw up. You shouldn't spend dev-time on a feature that locks people from making level-editors and cool content-creation stuff.
As for the save file type, depends on the game
If you have a world where you can place a lamp on a house, then move the house and the lamp at the same time, use XML. Theres allot of really good parsers (XML-Java) out there for it (JDOM!!!). For state based games, serialization would be your best-bet ( I think ). Its like saving java fields to a file in raw data. For example, you'd save your current level stats (like enemy and player health) into a save folder with .ser file extensions (save1/player.ser, save1/entity-*entitiyID*.ser).
So for editable terrain and creatable-objects, go XML.
For story-state-based, X-number of entities per pre-defined level, go serialization.
Sorry if I got serialization wrong, I've never used it. But I do know the concept of it.