yeah, using a wireguard network would enable a lot too, and that is encrypted end to end, HTTP proxy is just the simplest way but i'm sure there is options also for improving that
Discussion
ultimately if the relay and the proxy are on the same machine it's not really an issue, it's only for the case of running relays locally, the signal is decrypted at the reverse proxy, idk what options there are for remedying this exactly, part of the problem is that a true end to end encryption would probably need to be added at the message level to eliminate that risk at the remote proxy. if you control it, then it's not so bad but yeah, ideally you would want to use nip-44 encryption, basically