It's possible to have private messages on Subreply. They can be encrypted using the password hash. Changing the password will fail to decrypt old messages.
Why not destruct a message after logout ? Passwords are not control mechanisms. Sometimes you have to change your password for security purposes. An attack on an account could result in the loss of the important information. Better to just delete everything in a clear manner.