Just found from cvedetails that openwrt only got handful of bugs each year and usually got patched.
Last week I still use a TP1ink C2, which have a large hole before wannacry (2017), and
Still no update after wannacry! Even another D1ink 842, there are updates but
Seems don’t address the large hole. (both are code execution holes!)
So my opinion is openwrt good as outer router.
But I will still use an inner router, because that old buggy TP1ink C2 got MUCH
Better parental control. You can go see in TP1ink's website, the emulator.
It let you choose device(by mac/ip), target site(by url/ip), schedule time PLAN,
And then choose combination. Openwrt only choose device(mac/ip), target (by ip, no URL), exact time slot, And need enter all again for each entry. Openwrt can block URL by adblock but NO timing can be chosen.
Many people are against "double NAT", so far I am ok with it. And
Indeed I hope it provide further security to my PC.
TP-LINK firmware is based on a very old version of OpenWRT so it's better to use the latest OpenWRT of you want to protect the router from known exploits.