I agree yes it is conceivable and indeed such worries date back to OpenWrt 18.06. Hence the additional test to set encryption on one node to none and see if it still connects, or even better, use a different key.
I have not recently looked at packets on air but have in the past. Nothing leads me to believe there is actually no encryption particularly as all versions of OpenWrt from 19.07.0 onwards can join the same mesh. As for a 21.02 "jumping" all by itself to unencrypted just because ... I'm not sure what because.....
BSS c0:c9:e3:e6:16:3d(on mesh)
last seen: 1391773.136s [boottime]
TSF: 1389612288059 usec (16d, 02:00:12)
freq: 5180
beacon interval: 100 TUs
capability: (0x0010)
signal: -56.00 dBm
last seen: 10 ms ago
SSID:
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: SAE
* Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
HT capabilities:
Capabilities: 0x19ef
RX LDPC
HT20/HT40
SM Power Save disabled
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-23
HT operation:
* primary channel: 36
* secondary channel offset: above
* STA channel width: any
MESH ID: rsb_mesh
VHT capabilities:
VHT Capabilities (0x338001b2):
Max MPDU length: 11454
Supported Channel Width: neither 160 nor 80+80
RX LDPC
short GI (80 MHz)
TX STBC
RX antenna pattern consistency
TX antenna pattern consistency
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: MCS 0-9
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: MCS 0-9
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 0 Mbps
VHT operation:
* channel width: 1 (80 MHz)
* center freq segment 1: 42
* center freq segment 2: 0
* VHT basic MCS set: 0xffff
Changing the password on one router while using encrypted connection does not connect to secondary router (I would not draw the conclustion that this indicates an encrypted channel).
Seen as this is rated a bug now, I presume that this will be handled accordingly and we will get an update soon