You can encrypt data with BackupExec 2010 and NOT affect dedupe, very easily. Change the PDCONF file on the client to enable encryption. Simple as changing a 0 to a 1. It's a text file, it's not rocket science to figure out.
The dedupe agent starts streaming the data and encrypting it in flight, the BE agent then sends the data to the media server and stores it to the dedupe folder. deduplicated and encrypted. You can even turn on cocmpression on the client too, to further reduce what is sent over the wire. But note that both compression and encryption cuase higher CPU use on the clients.
Remember you have to enable this in the PDCONF and not in the GUI or policy/job settings. Since the dedupe engine is full integrated into BackupExec, merely bolted on through acquisition.
Later when you duplicate to tape, data is unencrypted, streamed to tape, and LTO4/5 can be used here for tape encryption just fine.
