It's possible to have private messages on Subreply. They can be encrypted using the password hash. Changing the password will fail to decrypt old messages.
Why not destruct a message after logout ? Passwords are not control mechanisms. Sometimes you have to change your password for security purposes. An attack on an account could result in the loss of the important information. Better to just delete everything in a clear manner.
But why this way? Why not encrypt a separate key (maybe even per message exchange) that is reencrypted when the password gets changed.
I thought user should have the "key" for their sent messages. Re-encrypting is possible, but not privacy aware. It could be a separate service similar to IRC/Slack.