Encryption in Diaspora

I think Diaspora’s mode, encrypting the transport, is fine for what Diaspora is.

Diaspora is not for providing an ultimately secure communication channel. If you need that, you’re better off with things like PGP or OTR/OMEMO. Diaspora is about taking your data from corporations, ensuring its value isn’t exploited without you noticing.

Full and secure storage encryption simply isn’t possible with Diaspora’s current model, without limiting the user experience a lot, at least. While you can encrypt all data with a private key that’s encrypted by the user’s password and blablabla… that’s simply wasted resources. If your podmin is going to be rough, he’ll simply put a sniffer on their server capturing your password as you log in. You can’t be secure if the data leaving your machine isn’t encrypted so that nobody other than the recipient can decrypt it, and vice versa. Which currently is almost impossible to do for webapps.

Please note that we do already effectively block the friends-of-friends-style social graph analysis. Only your home pod knows all your contacts, and even that doesn’t allow going beyond that one level. This is what the “you could also like” algorithms are based on in classical social networks.

So the real issue I see here is communication. Let’s make clear that Diaspora is not meant as a secure communication channel, it’s not meant as the ultimate privacy machine. It’s meant to save your data from exploitation, without limiting you too much in your user experience.
