Decrypt encrypted backup on the new device how? What password / key would you use, and how would that be backed up / made known to the user, which it does not do now?
If it's a device password, enjoy re-encrypting if they change it. Or handling two device passwords.
If it's a user password, then how do you change encryption everywhere when they change their password? Only option there is to have Google decrypt and re-encrypt it and push it to every device, since otherwise you losing connection means corrupting your backup, at which point they have it in plaintext, no difference.
If it's a device password, enjoy re-encrypting if they change it. Or handling two device passwords.
If it's a user password, then how do you change encryption everywhere when they change their password? Only option there is to have Google decrypt and re-encrypt it and push it to every device, since otherwise you losing connection means corrupting your backup, at which point they have it in plaintext, no difference.