Thanks for the kind words, Martin! I credit the document to Bob Van. He took all the stuff in my head, added stuff in his, and made it accessible.
Multicast brings in a number of security concerns that unicast might not normally address. Specifically, different forms of non-repudiation, efficient rekeying on group membership changes, etc. However, all of the issues are quite well known and have decent solutions. QUIC addresses a few, but really does not address them all (it doesn't need to).
BTW, we do plan to provide a multi-send form of multicast for cloud usage of Aeron eventually. Timeline not set yet.
From an implementation standpoint, the mechanics of the Aeron logbuffer allow for the most efficient form of encryption to be applied in a pipeline form without slowing a publisher or receiver. With todays processors, the use of a logbuffer and the right architecture could, I am totally convinced, have the least impact on throughput and latency out of any approach taken by any transport in use today. Making confidentiality much more accessible to use cases that traditionally have avoided it due to performance impact.