It's certainly bad that it's easy to snoop on someone's conversation, but
there are many users who can live with this, and there is some effort
underway to secure conversations using SSL, etc.
SSL is already supported in the protocol, and I thought that the server already implemented it?
But SSL does nothing to protect you from a rogue or compromised server. You also have no guarantee that any server<->server links used to deliver your message use SSL.
As far as I can tell, encrypting the message is the only way to guarantee end-to-end security. The protocol supports this but unfortunately the documentation is awfully vague. It doesn't say how the message specifies what it was encrypted with (is it just hardcoded to use PGP and only PGP???) or how the sender obtains the receiver's public key (from a vCard perhaps?)
--Jens
