The forum doesn't need to decrypt the messages. The PM send page could have a JS PGP encrypt function, if a user has set a keyid in their profile. It would be up to the receiver to decrypt the messages themselves.
The hard part has already being done:
http://www.hanewin.net/encrypt/You still need a browser addon to prevent the forum from changing its JS to read your messages or steal your private key.
Instead of integrating PGP into sites, the proper solution IMO is to improve PGP's browser (or OS) integration so that it can be easily used on all sites regardless of whether they know about PGP.