Interesting idea. The good news with DMs specifically on an AUTH relay is that the republishing can only be done by the author or the recipient since nobody else can see the note anyway.

With private chats as you mentioned, it’s a bit trickier as the group grows. But, I would think there is some level of trust in a “private” chat anyway so perhaps you can rely on those users not to rebroadcast the event (if the original publishing of said event is made to an AUTH relay)?