Board: Meta
Re: BFL subpoena
by Quickseller on 17/04/2015, 15:55:46 UTC
Well, with blockchain.info/wallet, if your password is compromised then you can simply move your funds to another address that is not compromised (hell, you can create a new bc.i wallet with a better password). With a private key that is decrypted in the browser, if your password is compromised and the password-protected private key is stored by the forum (I think it would have to be), then it would not be possible to protect the privacy of your PMs.

If your password is compromised, it is possible to change it. One way of doing this is to generate a random master key, which is actually the key that decrypts the PMs, and encrypt the master key with a password. So how it works is: you open your Inbox, bitcointalk sends your browser your encrypted master key and encrypted PMs, you type in your password, your master key is decrypted using the password, and then the PMs are decrypted using the master key. If your password is compromised you can change it; all you need to do is re-encrypt the master key with the new password. However, should you ever forget the current password, your PMs are gone unless you have another way of recovering your unencrypted master key. This is similar to how it works with PGP.
You would need to trust the forum enough to delete the version of your master key encrypted with your old password when you change your password. If the forum's servers are ever compromised then an attacker could download the master keys with their current password. Another possibility would be that theymos could be compelled by the government to keep copies of old versions of the master keys, so the effect of changing your password would be that either password would work to decrypt your PMs.
If the passphrase to my PGP private key is compromised (but not the private key itself) then I can simply change the passphrase to my PGP private key (I think this is possible: you could have it temporarily in decrypted format, then re-encrypt it with a new passphrase, then obviously securely delete all old copies of your PGP private key).
My opinion is that PGP should really only be used for private information. Automatically PGP-encrypting PMs is not a good idea; you should really only PGP-encrypt PMs that contain actual private information. The reason for this is that if the recipient's PC is ever compromised and they are unlocking their private key every day to read their PMs, then the malware can easily keylog them. However, if they are only unlocking their PGP key once every month or two to decrypt private information, there is a greater chance that the recipient will discover the keylogger before they unlock the private key.
Well, if something is sent via PM then they are by default trying to achieve at least a small amount of privacy above posting publicly. This would be somewhat of a pain, however you could store your PGP key on an offline computer and transfer any encrypted messages to your offline computer any time you receive a PM. Another option would be to designate different keys as being for different levels of sensitivity, and people who cannot respect that will not have their PMs read.

If you reserve PGP use for only sensitive information, then an attacker would only need to look at people who have sent/received PGP-encrypted messages in the past to find potentially sensitive information that could be of value.

It is probably not very secure to have the forum encrypt messages for you, as if it is compromised then it could also encrypt them to a third key to which you did not intend them to be encrypted.
People also use their PGP keys for other purposes too, like signing code, and this puts their key at more risk.
Any code-signing key should be kept offline and should be separate from your other PGP keys. I don't think someone should even try to decrypt something encrypted to their code-signing key, as if a code-signing key is compromised then malware could easily be spread very quickly and very far.