The barcodes aren't the problem.
The weakness isn't in the barcode, encrypted or otherwise. Barcodes are no more than machine-readable text, and there is no need to encrypt them if used correctly. The problem is the actual data for the person's check status is encoded within the barcode instead of kept separately.
What should happen is that some form of unique ID for a traveller is encoded on the boarding pass, which is then compared at the time of the scan against a database of some kind where the person's "pre-check code" is located. Since the check status never appears on the boarding pass, the question of being able to discover/change it is rendered moot.
Also, although altering a barcode is possible, it isn't as easy as you think. It's far easier to simply create a bogus boarding pass en toto with the appropriate barcodes ahead of time.
I would point out, however, that the barcodes in the pictures are what is known as "1D" barcodes, where the data is encoded along a single axis. By changing them to any one of several "2D" barcodes (QR codes are an example of a 2D barcode), manually altering them becomes next to impossible since the barcodes have error correction capability built-in and 2D barcodes have a much more complicated mathematic algorithm to create their pattern.
