Just to be sure: you know that the LoRaWAN specifications define encryption of the LoRaWAN application payload? (Although that’s not 100% correct in LoRaWAN 1.0.2, so you need to trust the network provider.)
As for the size: downlinks have the same size limitations as uplinks. See the LoRaWAN regional parameters for your region for the numbers, though some networks and libraries only support smaller messages. And the Fair Access Policy limits the number of downlinks to 10 per day. See Limitations: data rate, packet size, 30 seconds uplink and 10 messages downlink per day Fair Access Policy.