If SR server is pwnt by someone malicious they can certainly intercept all communications through the PM system.You also need to worry about an attacker who pwns SR server doing man in the middle attacks on GPG key exchange, this sort of attack may go undetected for a very long time. You shouldn't need to register to view this forum and you should add a profile option for GPG key so users can load it to their profile. Then only clicking the user name to go to their profile is required to get their GPG key. If the forum is open for all to view and has a place for GPG keys in user profiles you can periodically check your own listed GPG key against your known as legitimate GPG key. This is the best way to protect from SR or someone who pwns it doing MITM attacks on key exchange.