I am very happy with the current system (G3258 CPU on an X10SL7-F board, in a Node 804 case), but I will admit I have considered building a Skylake system. If I did, it would be hard to relegate the "better" system to be the backup server.
Perhaps it is one of the better arguments to build yourself a new box - your current box is tried and tested. Perfect for 'off site' location.
As for encrypting your data, yup, you may find a few threads in the forums about that. Plan and test it out in advance, before it leaves your home. Make sure it's exactly what you want. You could even test things out in a VM of FreeNAS (I like VMWare Player (free) or Workstation (paid)) to test things out like this small scale. You will not want to encrypt your drives, that doesn't protect your data from access when the system is running normally.
I agree.
I'd be soon looking into using VeraCrypt. It runs on Linux, MacOS X and Windows (as far as IIRC).
I'm not skilled yet to figure out how to make it work in a jail, as point of departue. If it could be configured to run in a jail, encrypt a dataset shared to that jail, then ...manageing access into that jail somehow.. to get the 'decrypted version' of the files. Doesn't appear very intuitive or easy to pull off.
The other option I've considered is to run it from a windows client, over CIFS shares. Potentially that could be done through VirtualBox or Bhyve once that get's released. Or ...through an ESXi solution (probably my goto option).