“* Clients have to store decrypted messages somewhere on their end as keys get useless soon”

Even when not sharing messages, solving this other disadvantage^ you pointed out with the answer above seems secure… rather than storing all those messages locally.

It just becomes a matter of good key management after that, which #nostr already needs to deal with anyway. If you have the key, then you can see.