Hm, I had not seen these. Do you have links to them? I can't seem to find them through Google or the Semtech site.
As for providing more details on the specification - that is certainly a good next step, though time is limited (and at least I won't be able to dedicate any substantial time to this in the coming weeks).
The idea is to let the MQTT stuff be done at the handler side. The default handler might not even support MQTT, the design leaves that flexible. The routers will likely just use UDP packets on both sides (from the gateways and to the brokers), so I think you're suggestion matches our plans.
The handler is mostly a convenience for an application that doesn't want to take care of the decryption side of things. An application could choose to integrate the handler (or even the broker, I think). I can't recall off-hand why the handler and broker were split apart, but one advantage is probably that the handler can be integrated into the application, and many different types of handlers could be implemented (using different application-side protocols, like MQTT, REST, etc.).