I don't see any major flaws with your set up, other than the fact it is massively over thinking the problem.

If you want to send another user a message without exposing any private info like an email address and without any risk of it being intercepted, then just have them provide you a PGP public key, encrypt the message, and send it through a private message.