Astor and I played with BitMessage one night. We both noticed some... well, possibly "inconsistent" behavior, but nothing really worrying. I don't think either of us saw anything obviously "oh shit, we just leaked our identities" or anything anywhere near that sort of thing. The last I knew he wasn't recommending it for general users, and neither would I. It's a nice project and it has lots of promise, but I don't think it's ever going to replace PGP (I mean it doesn't even accomplish the same job as PGP -- how could it replace it).Just in defense of the program itself and all... :)