Interesting, for a customer I have a similar setup: we have a
"confidential" flag (Boolean) that makes the issue readable only for
people on the nosy list if set.
I have made an additional check-method that allows visibility of
messages only if the issue to which the message is connected is visible
for the user -- this can be done with permission methods (in our setup
the most confidential information is in messages, so a user could
shoulder-surf or otherwise find out the message number to get access to
confidential information if messages were not protected by permissions).
I've also made an auditor that tests if someone attaches an already
existing message to an issue (e.g. via XMLRPC or a crafted web-request)
to get read-access to the message. But I failed to notice how easy it
would be to forge emails ... 

so it looks like there are several use-cases for your proposal.