If you built a client on top of email, you could add PGP encryption as part of the service. Getting and accepting friend requests performs the key exchange handshake needed and voila! encryption. There's some nuances here that would need to be addressed, but nothing particularly showstopping.