IPSec is not an almighty security protocol.

IPSec does not concern itself with application level security.
An attacker can modify the data on a hard disk.
IPSec cannot authenticate an user.
Because it is not easy to bind a user with a IP packet.
The method is designing.

We have to use another security method in conjunction with IPSec.
Encrypted E-Mail
Secure Sockets Layer
etc.