The actual data being transferred is not encrypted, although the security pin is, which is up to a 16 digit alphanumeric pin. This is 8000000000000000000000000 different possible combinations, therefore a brute force attack is impossible. Once someone has the code or a paired device, they can access the data which is then not encrypted, that's what I mean by you can get extra encryption.
Here's some more info about bluetooth security.
Implementing Security
Developers that use Bluetooth wireless technology in their products have several options for implementing security. And there are three modes of security for Bluetooth access between two devices.
* Security Mode 1: non-secure
* Security Mode 2: service level enforced security
* Security Mode 3: link level enforced security