CI’s sessions are, actually, cookies. Encrypted, but cookies nonethelesss. That’s why is preferrable to store session in a database, because you’re (supposedly) dealing with a less unreachable target from attacks, especially if you use Active Records wich automatically escapes your queries (so that SQL injections are avoided).
Also, contrary to cookies, DB doens’t have such limited amount of memory available, so you can store any amount of data you want there, cache the operations, and have them hidden from the frontend.

I’m not sure about why it is required, apart from the fact that some sessions datas are automatically encrypted by CI. So, even if you don’t make use of the Encryption library, some encrypting is still caried one (while saving session ID, for example.). As Kai Qing correctly noted, you don’t have to do any decryption on datas already handled by CI.

$this->session->sess_destroy() just deletes the data stored as sessions. While being also cookies, in order to delete the whole content you need to use the dedicated functions (look into the cookie helper, for example). Keep in mind, though, that when you call this function you delete also flash messages (as they are sessions), so if you just want to unset some elements, use unset_userdata($item).

It doesnt end the library loading, also. As for any other library, or class, or controller, or whatever, everything is re-loaded from zero after each request. Each time you make a request the scripts runs, reinitializes everything, and when the script ends all is lost like tears in the rain. That’s the regular lifespan of a php script. If your script is not bound to end after you call the session->sess_destroy(), the session library will be still loaded, though the data will be erased.