This has been exceptionally done to death on Reddit but I’ll say it here since Reddit is dead.
Authentication -
If what you’re looking for is a login front end you could check out paper merge - personally I’ve got Keycloak and Nginx running so I can just make my own login page anyway and put paperless behind it.
Stuff with sensitive documents should probably not be on the internet anyway unless you’re a really advanced user.
Encryption -
In app encryption offers no security because the encryption key is stored in RAM and likely a database entry that must be unencrypted.
So the Devs are 100% correct in stating that it gives people a false sense of security to offer it as a feature.
Best bet is to have an encrypted filesystem or alternative encrypted storage buuuut, also understand that encryption key is also stored in RAM.
TLDR: There is no point in Devs offering in app encryption when you should already be encrypting the filesystem.