Well, you could also use authed sockets, directly, rather than over a proxy.
Discussion
My point is just that kind 24 messages are unencrypted, so the amount of privacy they offer is determined by the channel they are sent on.
You could also encrypt the content, rather than giftwrapping, as an obfuscatory fallback, if it leaks or is accidentally broadcast.
There are options.
yeah, using a wireguard network would enable a lot too, and that is encrypted end to end, HTTP proxy is just the simplest way but i'm sure there is options also for improving that
ultimately if the relay and the proxy are on the same machine it's not really an issue, it's only for the case of running relays locally, the signal is decrypted at the reverse proxy, idk what options there are for remedying this exactly, part of the problem is that a true end to end encryption would probably need to be added at the message level to eliminate that risk at the remote proxy. if you control it, then it's not so bad but yeah, ideally you would want to use nip-44 encryption, basically