I don’t know how I missed it but by default OpenWrt router will be accessed via http. Http means that when you login, data will be transmitted via plain text and in many cases it can received by other devices in your network (depending on how you access router, type of router and what is you network configuration).

Many people can say that they have only trusted devices in your network. But devices have vulnerabilities. You never know if your device is vulnerable. Sometimes you may add friend of guest to your network. You have no idea if they update their devices or if they care about security at all. And in any case defense should be layers, so failure