Keep in mind that only PDFs with a user password (required to open the document) are safe from cracking. The following should be avoided because the resulting encryption is weak and could be cracked:
Passwords consisting of 1-6 characters should be avoided since they are susceptible to attacks which try all possible passwords (brute-force attack against the password).
Passwords should not resemble a plain text word since the password would be susceptible to attacks which try all plaintext words (dictionary attack).
Passwords should contain non-alphabetic characters. Don’t use your spouse’s or pet’s name, birthday, or other items which are easy to determine.
40-bit RC4 according to PDF 1.3 (Acrobat 4) encryption should be avoided since it is susceptible to attacks which try all possible keys (brute-force attack against the encryption key).
The modern AES algorithm is preferable over the older RC4 algorithm.
AES-256 according to PDF 1.7 Adobe Extension Level 3 (Acrobat 9) should be avoided because it contains a weakness in the password checking algorithm which facilitates brute-force attacks against the password. For this reason Acrobat X/XI/DC no longer offer Acrobat 9 encryption for protecting new documents (only for decrypting existing documents).
In summary, AES-256 according to PDF 1.7 Adobe Extension Level 8/PDF 2.0 or AES-128 according to PDF 1.6/1.7 should be used, depending on whether or not Acrobat X/XI/DC is available. Passwords should be longer than 6 characters and should contain non-alphabetic characters.