Yes, the attached PCAP file confirms the EDE information is missing in those cases where FTL shown you INSECURE status:
vs. one of the BOGUS answers:
I don't think we're seeing an dnsmasq/FTL bug here (well, except dumpfile would be broken, too).