It's possible to have private messages on Subreply. They can be encrypted using the password hash. Changing the password will fail to decrypt old messages.
But why this way? Why not encrypt a separate key (maybe even per message exchange) that is reencrypted when the password gets changed.
I thought user should have the "key" for their sent messages. Re-encrypting is possible, but not privacy aware. It could be a separate service similar to IRC/Slack.