TP-link router security issue

If anyone has physical access to a device, you can't be sure they didn't tamper with it. TP-Link manufactured it so you have to trust their entire supply chain. If you had a Netgear you'd have to trust their supply chain.

Encryption (HTTPS / TLS) is supposed to mitigate this - I don't know about what flygarn12 is saying about TLS proxies. I am not an expert.

You have to trust the entire OpenWRT supply chain when you install it. Every part of the process needs to be secure, and you have to hope that the NSA or other bodies didn't intentionally insert bugs that they will exploit. The alternative is trusting the stock TP-Link or Netgear firmware, which I think is a worse option.