Currently, if a user asks gpg to encrypt data to a name (as opposed to a key
ID), gpg selects the first valid key in its keyring that has a matching User ID
(regardless of the calculated validity of the User ID itself).
This is problematic in a number of use cases, and can cause potentially serious
security problems if data is encrypted to the wrong key.
A proposed new heuristic for selecting a key is:
Select the most recently-generated valid key that has a non-revoked, non-expired encryption-capable subkey, and has a matching user ID with the highest-available-class of calculated validity for the given User ID.
Discussion and details about the concern can be found in gnupg-users:
http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037395.html
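
The difference between the current first-match behaviour and the proposed heuristic, as an added sketch that is not GnuPG code. The data model, the case-insensitive substring match, the simplified validity ordering, and the reading that validity class takes precedence over creation time are all assumptions of this example.

```python
from dataclasses import dataclass

# Simplified ordering of GnuPG validity levels (assumption for this sketch).
VALIDITY = {"unknown": 0, "marginal": 1, "full": 2, "ultimate": 3}

@dataclass
class Subkey:
    can_encrypt: bool
    revoked: bool = False
    expires: int = 0                # Unix time; 0 means no expiry

@dataclass
class Key:
    keyid: str
    created: int                    # Unix time
    uids: dict                      # User ID -> calculated validity level
    subkeys: list
    valid: bool = True              # primary key neither revoked nor expired

def uid_validity(key, name):
    """Highest validity among User IDs containing name, or None if no match."""
    hits = [VALIDITY[v] for u, v in key.uids.items() if name.lower() in u.lower()]
    return max(hits, default=None)

def can_encrypt_to(key, now):
    return key.valid and any(s.can_encrypt and not s.revoked and
                             (not s.expires or s.expires > now)
                             for s in key.subkeys)

def select_first_match(keyring, name):
    """Behaviour described above: first valid key with a matching User ID."""
    return next((k for k in keyring
                 if k.valid and uid_validity(k, name) is not None), None)

def select_proposed(keyring, name, now):
    """Proposed heuristic: best validity class first, then newest key."""
    pool = [k for k in keyring
            if can_encrypt_to(k, now) and uid_validity(k, name) is not None]
    return max(pool, key=lambda k: (uid_validity(k, name), k.created),
               default=None)

# Constructed keyring: key IDs, timestamps and User IDs are made up.
UID, NOW = "Alice <alice@example.org>", 1_260_000_000
KEYRING = [
    Key("AAAA0001", 1_250_000_000, {UID: "unknown"}, [Subkey(True)]),
    Key("AAAA0002", 1_240_000_000, {UID: "full"}, [Subkey(True, expires=1_245_000_000)]),
    Key("AAAA0003", 1_150_000_000, {UID: "full"}, [Subkey(True)]),
    Key("AAAA0004", 1_200_000_000, {UID: "full"}, [Subkey(False), Subkey(True)]),
]
```

On the constructed keyring, first-match returns the newest but unvalidated key AAAA0001, while the proposed heuristic skips it and the key whose encryption subkey has expired, and returns AAAA0004, the most recent fully valid key.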