Speed is perhaps too simple, it is also about resource consumption, RSA is a battery drainer.
This should be taken as an opinion from a non-professional random guy.
Apart from battery consumption, RSA-4096 and AES-256 supposedly have similar security.
Except that we know mathematically that RSA is “broken” by Shor’s algorithm, this was not a big problem until the arrival of quantum computers.
RSA has many advantages and properties for communications, but they become meaningless when it is for personal use.
Of course, AES can also be attacked and is not free of weaknesses, but as far as I know the attacks are not practical so far.
As I understand it, Serpent is more robust than AES, but also slower and more resource hungry.
I don’t think much research has been done to break Serpent more efficiently, though.
I would like to know what the difference would be between the hybrid implementation of Serpent + AES and just AES from Veracrypt.
We have a Veracrypt-compatible app on F-Droid: EDS Lite.
It’s only that it’s “outdated” and painfully slow.