I agree, though it of course it depends on the threat model. As a self hoster, encryption is pretty much irrelevant, as my push server is controlled by myself, and accessible with https. Not having encryption makes it easy to debug and experiment.
I agree encryption should be the default choice though. Maybe we can introduce it in a future protocol revision? Client side, I expect most people use libraries, making this easy. Server side? Not so much.
The main goal was to get it adopted as widely as possible though, and encryption certainly seemed like something that would slow the effort.
Even for self-hosted I'd rather trust the server as little as necessary. Just in case it is completed why let it see things that it doesn't need to see?
I agree encryption should be the default choice though. Maybe we can introduce it in a future protocol revision? Client side, I expect most people use libraries, making this easy. Server side? Not so much.
The main goal was to get it adopted as widely as possible though, and encryption certainly seemed like something that would slow the effort.