Right now you can encrypt Shares using eCryptfs, but this has a number of significant drawbacks that make it useless for me.
- 1. 143 character filename length limit
2. NoteStation data isn't encrypted
3. Synology Office data isn't encrypted
4. Other metadata (photo, video, chat) stored in the on-board postgres database also isn't encrypted
You can address all of these by implementing LUKS on top of the LVM volumes and formatting the encrypted container with btrfs.
Hacking this in wouldn't be too hard: compile a dm-crypt kernel module, manually recreate the volume with luks, modify the startup scripts to handle mounting. The tricky part is how to enter the password during the boot sequence. I decided that hacking a serial terminal was too much effort to have all of this wiped out on the next DSM release. I think someone in another thread mentioned a light web server that would launch before the volume mount and accept the password. That's how I would implement it too.
The Synology applications are awesome. I look forward to someday not worrying about someone stealing my NAS. Until then, I'll be exploring physical home safes that have ventilation