Also, I don't know if other people do this, but I don't actually use the pass scripts, and instead have my own scripts for managing things that just happen to be very similar to pass. I extend them in whatever ways I want to.
If I cared about this issue I would probably consider putting the passwords in a file system on a loopback-mounted LUKS volume backed by a regular file, or maybe just store them in a different format altogether.
I do realize that the average user doesn't want to bother with all of this and wants something that "just works".
That’s part of the appeal. It allows for sandboxing each password to its own vault essentially (you pay a privacy cost, which I don’t mind anyways, and my disk is encrypted).
Only if you disregard that pass doesn't encrypt file names.