This major release includes node-to-node encryption. Client-server encryption has been in place since v2.2.0, and with v4.0.0 you can now run clusters where all traffic is encrypted.
Previously the only way to secure node-to-node traffic was at the network level (e.g. restricting access via AWS Security Groups), but v4.0.0 now supports TLS encryption between nodes. This type of encryption has been explicitly requested for production deployments of rqlite.