This is a good question, Ross.

As Jeff mentioned earlier, there is no way to truly encrypt this traffic. It is possible to obfuscate it but that won’t protect you from an attacker with very basic skills. Obfuscation is a lie and this is why we want to stay away from it.

When we discussed this issue internally a few years ago we thought that it is better to not give anyone a false sense of security. At the time, we were still brainstorming various ideas that we thought could be more secure. In the end, we didn’t find anything that could guarantee protection from the user with the root access privileges.

However, reading your post made me wonder if, perhaps, there is a benefit of hiding this information from a casual observer armed with tcpdump :)