GPG supports adding default recipients in gpg.conf file, for example:
encrypt-to test1@example.com encrypt-to test2@example.com encrypt-to test3@example.com
Sign/Encrypt dialog of Kleopatra doesn't show any information about default recipients.
However file will be implicitly encrypted for those 3 additional recipients as well as for explicitly defined recipients.
It creates potential vulnerability: if someone adds default recipient to gpg.conf then user will never know about it.
I propose to show default recipients in Sign/Encrypt UI.