Fwiw I just flashed my AR750 to 3.203, hung it off my home router (which of course runs regular OpenWRT), and ran tcpdump for a few minutes across a few reboots (one w/o any client devices and two with clients). I don't see any traffic I'd categorize as suspicious. It's somewhat chatty w/ superfluous pings to Google's DNS, presumably due to the mwan3 package despite there only being one live interface, and the NTP config may be excessive, but that's it.
Disclaimer: while I'm technically a security professional w/ 34 years of Internet experience, this isn't really my area of security expertise and I didn't do a super-thorough analysis. E.g., if you are paranoid, there's any number of ways to mask malicious behaviour, including (and commonly) just not doing it for the first N minutes to defeat such lazy tests. But for my personal use when travelling, it seems fine to me, but then again, I trust TLS and live in a "zero trust security" model world (i.e., I mainly worry about the security of my device and my endpoints, not the intermediate devices).