It’s not that simple to move indexeddb to the vault location, especially if you have multiple vaults.
Another reason why some data was moved from an in vault file to out of vault IndexedDB is compatibility with third party sync apps.
If you keep these cache and data structure files in vault and run a third party sync solution you are guaranteed to generate file conflicts and/or break stuff (search bug reports of mid 2020).
A trivial thing that you can try is to symlink the obsidian’s system directory so that it physically resides in your encrypted drive (but not in the vault directory).
If this level of security is important to you, you should be afraid of third party plugins and of obsidian itself exfiltrating your data.
My advice is to look not just into encrypted disk images but whole app container systems (like docker).