At the moment I personally thing the RPi4 is a fabulous choice for router: RPi4 routing performance numbers
For WiFi, it's best if you can place your access point strategically, so an all-in-one device is really sub-optimal there, and choosing a two-piece setup makes more sense (plus it gives you easy SQM as well). You might look at something like the GL-B1300 or a commercial access point like the EAP225 (run the stock firmware).
Stock firmware for an access point is going to get you highest compatibility of the wifi, and these days that's an issue. The security implications are far less for an AP than for a router. I'd never run stock on a router, but an AP is basically ok.