I thought I'd add some info if you go out of your way to add a feature request for that. Although I have a hunch you already know all that :).
epa-file seems to use GnuPG to handle the encryption. It allows for both key-based asymmetric and symmetric encryption (https://www.gnu.org/software/emacs/manual/html_node/epa/Encrypting_002fdecrypting-gpg-files.html).
While asymmetric encryption looks like a lot to implement, symmetric encryption might be the easiest way implementation-wise and a quick way to add an additional level of security with very little effort.
E.g., check if the org file has a .org.gpg extension and then handle encryption via the iOS CommonCryptor CCCrypt. The only slightly annoying question would be how to store the passphrases locally, but I would assume iOS has a good way of taking care of this.
I'm unfortunately not an iOS developer myself, otherwise I would have provided a proof-of-concept along with that.
Anyhow, I'm thankful you are looking at this!
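Since key-based and passphrase-based files share the .org.gpg extension, a client that supports only the symmetric case has to look at the file's first OpenPGP packet to tell them apart. The sketch below is an added example, not code from this thread or from any app; it assumes binary OpenPGP framing as defined in RFC 4880, and the function names and sample bytes are constructed for illustration.

```python
"""Added example: tell passphrase-encrypted from key-encrypted .org.gpg files."""

TAG_PKESK, TAG_SKESK = 1, 3   # RFC 4880 tags: public-key / symmetric-key ESK packet

def first_packet(data: bytes):
    """Return (tag, body) of the first binary OpenPGP packet in data."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    hdr = data[0]
    if hdr & 0x40:                          # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224 and len(data) > 2:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial or truncated length")
    else:                                   # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length")
        n = 1 << ltype                      # 1, 2 or 4 length octets
        start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    return tag, data[start:start + length]

def skesk_params(body: bytes) -> dict:
    """Decode cipher id and S2K settings from a version 4 SKESK packet body."""
    if len(body) < 4 or body[0] != 4:
        raise ValueError("unsupported SKESK version")
    need = {0: 4, 1: 12, 3: 13}.get(body[2])   # simple / salted / iterated+salted
    if need is None or len(body) < need:
        raise ValueError("unknown or truncated S2K specifier")
    out = {"cipher": body[1], "s2k": body[2], "hash": body[3]}
    if body[2] in (1, 3):
        out["salt"] = body[4:12]
    if body[2] == 3:                        # one-octet coded iteration count
        out["count"] = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
    return out

def classify(filename: str, data: bytes) -> str:
    """Classify by extension, then by the first packet only."""
    if not filename.endswith(".org.gpg"):
        return "plain"
    if data.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "armored"                    # dearmor before parsing packets
    tag, _ = first_packet(data)
    return {TAG_SKESK: "symmetric", TAG_PKESK: "public-key"}.get(tag, "other")

# Constructed samples (not real ciphertext): an SKESK packet, a truncated PKESK header.
SYM = bytes.fromhex("8c0d04090302010203040506070860d2")
PUB = bytes.fromhex("85010c03") + bytes(8)
```

The decoded S2K salt and iteration count are what a client would feed into the passphrase-to-key derivation before any block-cipher call.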
Self-hosted sync. Add it to all of your devices (phones, laptops, etc.) and you end up with a pretty resilient, encrypted, secure, and best of all, free file and folder sync.
If you have a NAS, most have a way of running it to store and sync to your NAS hardware as well.
https://orgmode.org/manual/Deadlines-and-Scheduling.html has details on the org scheduling syntax, but here's an example:
** TODO Water the plants :home:
SCHEDULED: <2021-12-08 Wed>
For my phone I have used the official Android app from Syncthing for years.
The only issue I've had with it was spotty wifi causing high battery drain, but with some tweaking it becomes a non-issue. Reliability has been nearly set-and-forget.
As for a NAS, you can buy appliances like Synology. I have a number of servers at my house so I run TrueNAS on one, which is probably overkill for most.
I follow the 3-2-1 rule for backing things up.
> at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location (this can include cloud storage).
First copy is in the Syncthing network (SSD media, phone flash, HDDs), technically on nearly all my devices, which is more than a single source, but I only count it as one. Second gets backed up to TrueNAS. Final copy is off-site to Backblaze (B2).