I've found a vendor (tomorrowman, on agora to anyone interested) using his known pgp key, but he requires FE to everyone, as he has for a while now after BMR had their first problems arise. My question is, if the vendor requires FE on all orders, could the person still be a scammer that just copied and pasted the real vendors public pgp key into their profile, but doesn't give a shit since obviously he won't need to ever actually decrypt your address and you already gave him your money? Sorry if this is a stupid question.
Yes, I think it's definitely technically possible.
I would just send him an encrypted message and try to get him to respond, that way you know. Don't just place an order and FE, ask him a relevant question. If he ignores you, then I'd be suspicious.