PSA: The metadata for your private messages on BitClout is public.
That means the sender, recipient, time and size of your messages can be seen by anyone.
Including the size of the message is a security risk, it makes it far easyer to decrypt compared to a null-terminated message with unknown length (with additional random tailing data)
It's possible they've done that - the protocol is only partially open at this point, so its difficult to tell what is in the payload.
