With respect to encrypting the request string, I can indeed think of a number of reasons to encrypt it. Probably the classic case would be one where you have created a grid filled with uniquely indexed person records. In each row, you may well want to have a link to a page that permits you to edit the record. You could simply give each link an argument such as "ID=X" in order to load the appropriate record.
John | Sample | <a href="EditPage.aspx?ID=1">Edit Me!</a>
Jane | Sample | <a href="EditPage.aspx?ID=2">Edit Me!</a>
Now, this isn't a problem if all staff have access to all personnel AND access to your page is gated by an authentication process AND you are using SSL (SSL is negotiated and all communication is encrypted before any URL arguments are sent). However, consider the case where you have restrictions on which users can see which records. So, staff in Chicago can only see people assigned to the Chicago location, New York staff can only see New York personnel, etc.
Now you have a problem: someone could compromise your location restriction by simply re-typing the URL with a different user ID. One way around this is to encrypt the request arguments. There are a couple of twists and turns, though. First, a simple encryption wouldn't work because the user could just try another encrypted value. You'd need keyed pairs or an algorithm that resulted in an extremely sparse mapping between IDs and URL arguments. A keyed pair solution (which I've used and would recommend) is easy: simply pass two encrypted, complex values that work together to result in a valid value.
Note that you cannot get around this via session storage because you don't know what value the user is going to select ahead of time. Similarly, a Post would be very clumsy in handling such a simple interface device.
With respect to your situation, the above shows a specific situation where it would be useful. Whether this applies in your case is for you to decide. You should however, consider whether the encryption they have implemented just substitutes one guessable value for another one.
Another note: viewstate is not encrypted by default. It is simply encoded via Base64. A hash is added so that you can see if it has been tampered with.
As far as the security of your web app goes, the only reliable way of ensuring that the data you are receiving is coming from your user and that the data hasn't been compromised in transmission is via SSL.