As others have noted here:

a) APCO-25 is technically not encryption, but is rather a form of digital modulation. (The best parallel I can give--it's basically VoIP-like communication over the air, and uses a similar approach to digital cell phones. It also allows radios to use much less bandwidth than they otherwise would.)

To give an example--there are amateur radio operators that use APCO-25 on an experimental basis, including APCO-25 repeaters. If this were encryption rather than digital modulation, this would actually be illegal--amateur radio operators aren't allowed to use encryption save for telemetry instructions to amateur radio satellites per Part 97 of the FCC rules (which amateur radio operators are expected to know very well, and are tested on this).

Instead, amateur radio equipment manufacturers (ICOM particularly, interestingly enough) regularly sell amateur radio equipment with APCO25 capability...which they wouldn't be able to get the type acceptance to do otherwise.

APCO-25 is no more encryption than ATSC "digital television" that is broadcast over-the-air is; instead, it's better to think of APCO-25 as a format of "digital radio" that public safety agencies have standardised on.

b) The main kind of actual encryption (rather than digital modulation) used with APCO-25 systems tends to be with the use of DES encrypted keys--it's not dissimilar to how Gnu Privacy Guard or SSL encrypted webpages work, and it's used because it's one of the few kinds of encryption that can work with digital modulation. There ARE a few federal agencies that do use DES-encrypted APCO-25; these tend to be the military and the FBI (the latter when scoping out a subject, the former not on all channels). There are also public safety agencies that do use DES-encrypted APCO-25 for ambulance traffic for HIPPA considerations as well as SWAT team traffic.

Of note--according to many sources that devote themselves to informally mapping out federal systems, there has not been evidence found of DES-encrypted APCO-25 traffic on TSA channels.

c) Complicating matters is the fact that there are apparently two separate radio systems (at least!) in use by TSA--one being a digital APCO-25 system that is unencrypted (and in fact can be received in the clear) and a separate analogue system using what may be the most primitive and laughable form of "encryption" known--one which is trivially defeatable, and doesn't even risk DMCA violations for doing so. (Technically, it's not even really encryption; rather, it's a form of "scrambling".)

In addition to the digital TSA systems (and the occasional TSA "liason talkgroups" in use in trunked systems operated by large airports), there is an analogue system now being deployed which uses ICOM analog-only business radios with voice inversion. Basically, all voice inversion does is reverse frequencies at certain thresholds (and make un-decoded audio sound like Donald Duck); it's typically used as a cheap solution in commercial radio systems in lieu of real encryption as it's far easier to implement and it's typically "good enough".

However, unlike real encryption systems (like DES-keyed radios), voice inversion is trivial to decode; both hardware and software solutions have been around for the past 15 years or so, a decoder can actually be built with a minimum of parts from Radio Shack or Mouser or Digikey, and it is considered a poor enough solution for pseudo-encryption that the only groups using it are "rent-a-cop" security agencies or other private security groups that can get by with a "good enough" solution to deter the casual listener. (In my area, the only groups using voice inversion are a rent-a-cop agency for its recon ops and truant officers at some schools doing surveillance on kids skipping school; actual public safety agencies went to real encryption LONG ago.)

To give you an idea how long "voice inversion" has been broken--back LONG ago (in the 70s and early 80s) when over-the-air broadcast TV stations experimented with pay-TV services using decoder boxes...these used a technique similar to voice inversion to scramble their signals, and instructions were soon printed in electronics mags on how to homebrew a descrambler without paying for pay-TV service.

Technically, the system could well be broken by someone purchasing a commercial radio (it doesn't even have to be the same ICOM model) that has capabilities for voice inversion. :3

Of course, all of this leads to the real question:

Why is TSA using what is pretty much a cheapie scrambling system designed for business radio systems (and particularly rent-a-cop security ops) instead of a real, secure, encrypted system?

The TSA uses and has already widely deployed APCO-25 radios for its own ops (and with at least some airport systems also has APCO-25 capability through THOSE radios) and pretty much all APCO-25 capable radios sold to public safety agencies do have the option for encryption (hell, railroad radios with APCO-25 capability have the option for DES encryption plugins, as did their analog predecessors; even the ancient Motorola Spectra had a DES plugin option)...

..Unless, for some reason, the TSA had to go with amateur-radio APCO-25 capable kit not capable of encryption, or they were ineligible or too cheap to deploy APCO-25 radios with DES capability. One wonders why they're stiffing their own employees (with a budget of effectively infinity) when pretty much Sheriff Bubba Jo-Bob in Podunk, Georgia can actually get a APCO-25 capable radio with full DES encryption capability with a small Homeland Security grant and often with help from his state government which does not have a budget of infinity

My bet--cost; the ICOM F50V is $342.50 at Kollman Electronics (a common supplier of radio equipment for security and public safety agencies) whereas the ICOM ICF70DS (which DOES have Federal and DHS-standard AES and DES encryption along with APCO-25 capability) is $1090.34 at Kollman.

(Oh, and to add insult to injury--per ICOM's own listing for the radios the TSA bought, there is in fact no way to add real encryption like DES or AES to the radio--it's either voice inversion or stuff in the clear. Yes, pretty much they explicitly bought radios for which it's impossible to install a robust encryption system.)

(Why, yes, I am a radio geek; why do you ask? )

EDIT:

As an aside--the "XTS" radios you're referring to would be the TSA APCO-25 radios, specifically some flavour of the Motorola XTS family; if you were handed out XTS-1500s, I guarandamntee they're not encrypted (only using digital modulation) because digital encryption isn't even an option on the XTS-1500.

If you did get the XTS-2500 or XTS-5000, encryption is theoretically possible (more likely with the XTS-5000, seeing as those do have option for Over-The-Air-Rekeying as well which is more common with a site actually using encryption such as DES or AES) but--again--thousands of hobbyist monitors have never found evidence the TSA is using DES or AES encryption (and it would be trivially obvious and widely noted if they were ; it sounds like digital noise in radios that don't blank it out entirely).

Oh, and one more point--just for the record, you can't tell just by looking at a frequency that something is encrypted