The 9P protocol truly is a beautiful work of engineering. There's actually another informal extension called 9P2000.e which is used by Erlang on Xen that adds session keys and a few new macro-operations (read whole file; overwrite contents) composed from lower level T/Rmsgs, but with ability to gracefully fall back to 9P2000. Linux v9fs has its own 9P2000.L in addition to the standard: https://github.com/chaos/diod/blob/master/protocol.md
Either way, it's much more elegant and portable than something like FUSE.
FUSE is an informally specified one-stop library that explicitly targets the Linux VFS, so it might be considered more convenient for whatever reason. There's also a general lack of knowledge about Plan 9 and Inferno on anything beyond a superficial level, though this might be improving.
9P is a small generic protocol that is often independently implemented because of its simplicity, so there are many heterogenous libraries for it.
Which required significant kernel additions in the case of the BSDs, and is a third-party kext for OS X.
In contrast, 9P is just a byte stream protocol that ranges from weekend project implementations in ~1000 LoC (yet still perfectly usable) to full strength client-server libraries. It's much more versatile and can be done entirely in userspace without special kernel cooperation beyond a basic POSIX runtime.
TLS tunneling is common. v9fs and diod give SSH port forwarding as an option. It's very generic, so the options are plentiful. 9P is formally transport-agnostic, from what I recall. Plan 9 natively preferred IL over TCP for a while before officially deprecating it around 2003.
It's just SSL; you can get more information at http://plan9.bell-labs.com/sys/doc/auth.html. There is also factotum, which serves a purpose somewhere between ssh-agent and an OS X-style Keychain.
Either way, it's much more elegant and portable than something like FUSE.