Yes, this is one of the "problems" with open-source code. OEM/ODMs take some old version as the base for their firmware and don't ever update it (as well as doing "stupid" things, like the hard-coded credentials you found).
Interestingly, I only see one device mentioned that uses an RTL8196 SoC, and the DIR-410 isn't listed as supported for any release. I don't find 8196 anywhere in current OpenWrt code. I didn't find DIR-410 anywhere in the git commits of the OpenWrt project.
Based on the above, you appear to have a device that was never supported by OpenWrt and are running OEM firmware that is loosely based on an ancient version.
I would still be careful flashing one firmware onto another device, as there is often different interpretation of the flash, as well as how devices are "wired" to the SoC. Overwriting device-specific information, such as the "cal" data for the wireless (or MAC addresses) is not recoverable. In contrast to "disks", flash doesn't have the equivalent of an MBR or GPT, all the interpretation of "format" is done by the kernel, either coded in or from the boot loader passing command-line args.
There isn't anything that can be done to secure 12.09, which remains the basis of "cheap" devices out there. Moving to a kernel still under support, such as 4.14, will likely increase RAM consumption and will require updating all drivers and patches from any OEM source you might have.
282 kB is probably OK, given a typical erase-block size of 64 kB and a need for a minimum of three erase blocks for a jffs2 file system to function properly.
Any proprietary firmware and scripts (such as wlan.sh) are unfortunately outside the scope of what OpenWrt supports, even if that firmware was originally based on OpenWrt.
My suggestion would be to obtain the "mach" file from the OEM GPL drop and properly port the device to OpenWrt. I don't know the complexity of this task as a quick search on Google suggests that there hasn't been any sort of support for this SoC since Linux 2.6, which dates back to 2004 and went out of support two years ago. (Note that Linux 4.14 or later is "required" for OpenWrt at this time.)
Edit: This looks to be a "Lexra" core, which is not supported
See further