1) unsecured graphing which can't be queried using a script anyway
If IP whitelist is not enough, you can limit it to VPN via firewall.
2) have to run a 3rd party snmp server because there is no snmp server from Mikrotik
Mikrotik has "The Dude" which works well enough as SNMP server. It is not masterpiece, has its own bugs, but works.
... and no ability to query snmp registers from the router itself.
Unsure what do you mean. You can query SNMP from router.
Surely there's a point where it's simpler to just add in an average counter in the resources tab which can be scripted...
Everyone will ask for different average. Someone will ask for 5m, someone for 1hour, someone for 1day... Cmon, if you have such specific requirements, is it really that hard to make own script, which will grab SNMP counters and show you absolutely anything you can imagine?
To sum up - we got two methods - either very simple graphing, or fully featured SNMP. You want something simple, yet advanced...