One possible solution would be to implement off-site Javascript code like Blockchain.info that would pull down an encrypted version of someone's private pgp key that they could decrypt with a known password. They could then use it plus their recipient's public key to encrypt their message/PM and send that back to the server which stores it. I don't even know the beginning of how to write code for something like this, but it should be doable in node.js I'd imagine. All the same things could also be done, like emailing a backup of the key as a .json file, also encrypted with their "password". I'd also recommend that, however they do this they make or allow the password to obviously be different from the forum login/password.