Consistently block delegates or shared mailbox members from accessing protected messages in Outlook

Couple of questions. 

For Delegates, what is this impact to those with proper delegate access granted, i.e. not provided Full Access to the mailbox, but rather Delegate Access granted through Outlook? Are they able to access protected messages and does this cmdlet provide any controls for those people? 

For Shared Mailboxes, the use of Full Access is essentially the standard way of providing access, however the use of AutoMapping is not best practice since it results in lumping the cached Shared Mailbox data into the same OST as the user's mailbox data, resulting in Outlook becoming extremely unstable. So the 2 questions I have here would be 1) If AutoMapping is not enabled, are those provided Full Access to the mailbox not able to access encrypted messages in the mailbox, and if not is there a workaround or roadmap item to allow access without AutoMapping? and 2) Under what scenario would you not want users with access to the shared mailbox to not be able to access encrypted messages; I see the example provided here but that is seems like a pretty unlikely scenario. 

Thanks in advance!