> OpenWRT is pretty great at offering features and security for consumer devices
That's a misconception. Nobody actually cares about security for packages that are not in the default install. For example, the initscript for sstp-client disables certificate validation unconditionally, see https://github.com/openwrt/packages/issues/25212
It at least offers more security than the usual alternative on a consumer router of the manufacturer's OS (i.e. something updated once a decade running Linux 2.6 with GPL-violating unreleased patches so you can't update it yourself, all written in C by the contractor that bid the lowest).