I have played with client side encryption on a non encrypted zpool.
For example, non-encrypted zpool exporting an iscsi lun. Windows mounts that iscsi lun. Truecrypt on windows encrypts it and formats with ntfs, assigning a drive letter on the windows box.
Compression on freenas will be useless as the freenas contents are all 100% random data. But you get a zfs backed (bit rot protected) encrypted ntfs drive 'local' (as in shows up in disk manager, not an SMB share) to your windows machine. Feel free to snapshot / replicate it as well. (note you're not properly quesing the filesystem before snapshots, so each snapshot will be of a 'dirty' ntfs drive.) Also note that simply 'adding' data to the ntfs drive will result in 'changed' data on the zpool. So snapshots will have higher overhead as they have to track the old 'freespace encrypted to random data' changing to 'non freespace encrypted to different random data'. So snapshots could also be a security concern since someone could easily tell which portions of the random data are changing, and when. Might make plausible deny ability harder.
This also offloads the encryption to the windows box too. So you don't need to worry about the freenas cpu supporting aes-ni. And even without aes-ni on the desktop, truecrypts software encryption being multithreaded, most cpu's should manage gigabit with too much issue.