We should not be including a default encryption.key value out of the box. What's going to happen is that most people aren't going to be aware of this value and will just use the default distributed value. This encryption will then be (essentially) useless if they are using a known default key.
This is an impacting change because someone who upgrades would need to be sure to set encryption.key back to its original value (if they didn't have it configured somewhere else).
The easiest solution here will be to just remove it from common-config-defaults.xml and create a KRDOC Jira to make sure we document this in the release notes for 188.8.131.52.
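An added example, not part of the original ticket or the project's code: a deployment check that reports whether the effective encryption.key is absent, still the distributed default, or site-specific. The `<config><param name="...">` layout, the sample documents and the placeholder key strings are assumptions constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

KEY_PARAM = "encryption.key"

# Constructed sample inputs; the <config>/<param name="..."> layout is assumed.
OLD_DEFAULTS = """<config>
  <param name="encryption.key">PLACEHOLDER-SHIPPED-KEY</param>
  <param name="app.code">demo</param>
</config>"""
NEW_DEFAULTS = """<config>
  <param name="app.code">demo</param>
</config>"""
SITE_WITH_OWN_KEY = """<config>
  <param name="encryption.key">PLACEHOLDER-SITE-KEY</param>
</config>"""
SITE_WITHOUT_KEY = "<config></config>"


def read_param(xml_text, name):
    """Return the stripped value of the last <param name=...>, or None."""
    value = None
    for param in ET.fromstring(xml_text).iter("param"):
        if param.get("name") == name:
            value = (param.text or "").strip()
    return value


def audit_encryption_key(defaults_xml, site_xml, shipped_key):
    """Classify a deployment's encryption.key before or after the upgrade."""
    site_key = read_param(site_xml, KEY_PARAM)
    default_key = read_param(defaults_xml, KEY_PARAM)
    # A value in the site config overrides the distributed defaults.
    effective = site_key if site_key is not None else default_key
    if not effective:
        return "MISSING"        # defaults no longer carry a key, none set locally
    if hmac.compare_digest(effective.encode(), shipped_key.encode()):
        return "KNOWN_DEFAULT"  # encrypting with the publicly distributed key
    return "SITE_SPECIFIC"
```

A site that sets encryption.key back to the old distributed value after upgrading still reports `KNOWN_DEFAULT`, which is the condition the release note needs to call out.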