As you know, Google is now not passing referer data to AdWords advertisers log files, web servers and analytics packages. Hence, AdWords went Not Provided. But, there are easier ways for AdWords advertisers to get that data than organic users, which leaves open the purpose behind not provided in question.
Google says this is done for the "security of our users" but if that was the case, why does ValueTrack still work, and the ability to use dynamic keyword insertion where you can set custom landing pages with it?
This can be a confusing topic, so again, I'll step back and explain.
Not Provided with AdWords means that the referer data passed when a searcher clicks from the search results ad to your site is removed. So that keyword data is removed from the referer data so it would protect the searcher from anyone knowing about their specific search, except Google.
But if the advertiser can pass the search keyword via ValueTrack and keyword insertion, even if the search keyword doesn't exactly match the query (although chances are it will match 100%) exactly, that is still a security issue to the searcher.
If they are afraid of the NSA or random sniffers, then only pass referer data from Google SSL to SSL enabled sites. If not, then turn off the ValueTrack and/or the ability to pass a hint of the keyword to a destination URL.
If they are concerned about someone stealing data from the advertiser, then again, don't pass it even with SSL enabled, like they do on organic.
The API and AdWords reports are fine to keep with this logic but not ValueTrack and custom keyword based destination URLs.
Am I making sense? Is this implementation of not provided within Google AdWords hypocritical still? Yes, it matches the organic side but the organic side did not have the ability to implement ValueTrack and custom keyword based destination URLs.