It's actually worse than that. It's not just that encryption isn't enough, it's that encryption can be worse than no encryption, since using encryption marks you out as someone who's different than the vast majority of users on the network. In a world where normal people are happy to sling everything around in the clear, a person using any encryption at all flags themselves as potentially suspicious. (Not suspicious enough by itself to give a Western law enforcement agency what it needs to make a case against you -- but more than enough to convince less scrupulous actors like intelligence agencies that you're a person deserving of a hard, hard look.)
Moreover, the more sophisticated the encryption you use, the more you set yourself apart from the crowd, further increasing your vulnerability.
This is why we want to make it standard for the world over. If everyone uses OTR chat clients, you using OTR chat clients doesn't stand out. If the corporate world uses VPN, then VPN traffic doesn't stand out. If 70% of the internet is always under SSL, then you using another SSL website or email server does not stand out. If 10% of the country uses Tor to look at porn or whatever else in your country because you restrict it with your country's firewall, then Tor doesn't stand out.
- an interesting lesson in [...] real world counterintelligence
- they were looking for [...] the exact usage pattern [...] for a mobile that is used exclusively for a handler to contact an agent
- privacy of communication content [...] is not sufficient to protect against even minimal monitoring