This should give you something to go on regarding encrypting session data - http://nitschinger.at/Session-Encryption-with-Lithium.
As far as telling Auth::check()
which fields to save to the session:
Auth::config(array(
'default' => array(
'session' => array(
'persist' => array('username', 'email')
)
)
));
This is in the latest master, and there is more explanation at the top of security\Auth.php
.