Currently any profile uploaded to SimpleMDM as custom profile has to have a 'PayloadContent'-Key to be accepted.
All data in this Payload is plain text which isn't a good fit if you want for example to provide password protected certificates for S/MIME Email encryption within that payload. As leaving the password blank to get it as user input during installation only works for direct installation not for MDM provisioned profiles there is no secure way to get said certificates onto the users devices using SimpleMDM.

Supporting the upload of encrypted profiles with a 'EncryptedPayloadContent'-Key would allow users to provide password and certificate together in a safe way.
An example of how to create such an encrypted profile can be found here: https://derflounder.wordpress.com/2019/09/16/creating-macos-configuration-profiles-with-encrypted-payloads/