Both options seems to be targeted to expert users, we could put them in an Advanced section (folded by default).
But I'll prefer to offer sensible defaults.
AFAIU, we should change the default BF-CBC cipher to something safer like AES-128-CBC.
Regarding the auth-nocache, it may become a default, right?
Our policy is to try to leave original defaults, hoping the software authors chose sensible defaults.
Your suggestions are really valuable to us.