@Dominic I think patchwork somehow swallowed my response. The gist of it:

• ooo messages actually have a stricter security requirement!

  let's just agree that ooo-messages and regular messages have different security requirements =P

• which is really an application question

  I'm very wary of putting something into the protocol that works well for some applications, but not for others. The (conceptual) simplicity of ssb's API is a really strong point, and adding a feature that only works well under specific circumstances (which are partly out-of-control of the application designer) is detrimental to that simple interface