It’s my understanding that, once a record has been transferred into an Organization, there’s no way to bring it back to the original owner, not without exporting to CSV & reimporting again.
It’s unfortunate that this edit / move by the original owner of the records is forced to put their data into unencrypted CSV, even temporarily.
Left on a machine long enough, it could cloud-backup to any backup service and a bad actor (or any hacker / intruder that gained access to AWS, DropBox or iCloud) would have access to an unencrypted text file of all your passwords.
Yes this is probably a rare problem, but it would be great to see it solved by editing the location of those records (in & out of Organizations) from within BW, and data still encrypted.
Or, allow for a BW Vault type of encrypted export, at the very least. Good feature for making addl backups “snapshots” of your BW database.