Greater privacy in private messages would be a nice thing. Most users are a little unnerved when they learn the hub owner can read their private conversations if they wish to.
I’d assume they way most peer-to-peer messaging protocols handle file-transfers is to open an additional port for the transfer, but it would be nice to avoid this.
Due to the presence of C-C file transfers, I don’t think CMSG is a viable option, and thus p2p messaging won’t work in ADC.
An alternative approach would be the use of public-key cryptography for the text parameter of the MSG command. Clients could publish their public key in their INF broadcast (base32 encoded?), and support for the extension in INF SU. If sending a private message to a client supporting the feature, then it MUST encrypt the the text parameter (note: potential complications here with PM being used to support chat channels). A receiving client would then decrypt the message.
When ADCS is in use, this will effectively double-encrypt a private message in the eyes of everyone except the hub, but the entire point is to hide the message contents from the hub, since ADCS does not do this. Given the relatively small size of PM messages, the added encryption time and message link shouldn’t provide too much bloat. Such a feature will have to specify a key algorithm, such as RSA.