Encryption plugins can be loaded by both server and xtrabackup. On Windows, all server plugins are linked with mysqld.exe (because they export server entry points, and shared library cannot have unresolved symbols on Windows). Loading plugins from the process that is not mysqld.exe requires subverting Windows loader. To make it possible, non-trivial amount of hacks are required. On Solaris, plugins also cannot be loaded into xtrabackup, and currently all encryption tests fail there.
The task is to make shared library plugins "pure", not having unresolved symbols, not depending on mysqld to load. For that,
a) We should add more server services. Currently, AES encryption, reporting (to client with mysql_print_error, or to error log with sql_print_information) is used inside plugins.
b) Rewrite functionality that is possible to achieve with standard system libraries - get rid of my_open/my_read, my_malloc, dynamic_array etc