Everything is working out fairly well. For a closer look I wanted to use collectd to send data collected by the APs to a central instance, i.e. tx retries, tx failed, rx drop misc, tx/tx rate, aqm stats, airtime stats, etc.
Use menuconfig to select encryption for collectd and compile the collectd modules (and the needed libgcrypt library). Opkg install them.
OpenWrt is actually pretty size-conscious due to limited flash space in many routers, so quite many packages have a reduced functionality as the default set offered, while the build system enables the enthusiast user to compile a personal version with more features enabled. In that sense, we are for "building your own custom Linux system, entirely from source code"...
But as your statement preceding that sentence was wrong, I tried to point you to the right direction, that using encryption in collectd itself is possible.
The preceding sentence:
That issue was solved in Jan 2018 via PR 5468 re-enabling the optional encryption in collectd compilation. https://github.com/openwrt/packages/pull/5468
That requires you compiling the encryption enabled version, but is natively possible.