Some of it has to do with the way the keys are issued at the initial join, not anything to do with the messages that are transmitted after they are encrypted.
But the point that a couple of the SmartThings staff have made that some of the updates that you might want to make would require basically resetting your hub completely To factory specs and then loading in all new firmware. You would have to rebuild your entire network from scratch. Including re-joining each individual device. And you still wouldn’t get all of the features that the new V3 has.
So there are things that you can do to improve security on any home automation system (for one, don’t have it share a network with anything else in your home), so just check the forum for the various security threads for those discussions.