I think its more about the current implementation being tied to some mcrypt functions, which may be replaceable, but the user-base of the radius auth plugin does not seem like its a good use of time to focus on this.
I think there is no doubt that RADIUS is an extremely commonly used protocol in networking hardware, but I don't think its a natural fit for authenticating something like Moodle (and my own anecdotal evidence seems to be that I don't think there are not many users of the Moodle plugin at all). I imagine many orgs might use radius for that sort of network equipment based auth, but often backed with ldap (which could be a nicer moodle fit) or even with a nicer more convenient web-based SSO solution which avoids the need to constantly reauthenticate.
(I might be proved wrong here too )