I think this is brilliant. Computers would be far more secure if we simply got rid of email. Traditional email is based on a horribly insecure protocol that allowed UNIX engineers in the past to talk with each other over networks. It was never designed with security in mind. And the extensions to it over the years have made it even more insecure.
A few questions:
At what point is the message encrypted? If it is done at the server, we have a problem. The user's ISP could snoop the plain text version of the message after it goes out on the wire. If Steemit doesn't encrypt on the client, then it would be hard to market this as a secure solution. There would be far more secure solutions out there (e.g., protonmail.com). Of course, the same issue applies to decryption on the recipient's side.
Could we prevent messages from containing hyperlinks to sites outside of Steemit? This would prevent bad actors from downloading malicious code on users' computers.
Could we prevent anything embedded in the message from sending info to Google AdSense (and other ad networks)? This would remove a huge temptation to send mass amounts of spam ads.
Before something like this goes live, it might be useful to open it up to some security-savvy developers to see if they can figure out ways that a bad actor could break it (e.g., defeating decryption, waging a man-in-the-middle attack, launching a DoS attack, implementing ad tracking to collect personal info and behaviors, etc.).