Hmmm. That's a harder question than it appears.

Correct me if I'm wrong, but your users will include a lot of older people with limited willingness to learn new interfaces.

In that case, I would just setup a mailserver, and create a special church email address for each member. TLS is enabled by default, and the plaintext is never exposed unless emails are sent to external addresses. Metadata on who logs in and when is exposed, but not the details on who messages who.

It's not the new hotness, but even Boomers can use email.