Silk Road servers stored all messages in the clear forever.
The attackers placed malware on Tor exit nodes, located the Silk Road servers, raided the servers, and it was game over.
Private messages should have been end-to-end encrypted, existing in the clear only on the computers of the sender and recipient, and should have been deniable. The exception is messages containing money: there the sender needs to be able to prove that the recipient account received a message with a particular hash, and thus to prove that the recipient account received a message with particular content, including the payment.
Silk Road servers should have performed a zero-knowledge password login with each account, and for each account should have authenticated, but not signed, transient public keys for signing and encryption. Private messages from account to account should have been encrypted with these transient keys. Shortly after each login, the transient public keys from previous logins should have been erased, as should any private messages.
Though messages should be deniable, the sender should be able to prove that he sent money, with or without revealing the content of the message containing the money.
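As an added illustration, not code from Silk Road or from this page: the two halves of the design above, deniable end-to-end messages and provable payment messages, sketched in Python with only the standard library. It assumes the transient keys have already been exchanged and reduced to a shared session key, and that the recipient's client acknowledges the hash of a payment message; the HMAC-based cipher and the two-leaf commitment layout are toy constructions chosen for the illustration, not a vetted protocol.

```python
import hashlib
import hmac
import secrets

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256; illustration, not a vetted cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(session_key: bytes, plaintext: bytes) -> dict:
    # Deniable: the tag is an HMAC under a key both parties share, so the
    # recipient could have forged it himself and it convinces no third party.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(session_key, nonce, len(plaintext))))
    return {"nonce": nonce, "ct": ct,
            "tag": hmac.new(session_key, nonce + ct, hashlib.sha256).digest()}

def unseal(session_key: bytes, msg: dict):
    expected = hmac.new(session_key, msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None  # tampered, or wrong session key
    return bytes(c ^ k for c, k in zip(msg["ct"], _stream(session_key, msg["nonce"], len(msg["ct"]))))

def _leaf(r: bytes, data: bytes) -> bytes:
    return hashlib.sha256(b"leaf" + r + data).digest()

def _root(h_pay: bytes, h_note: bytes) -> bytes:
    return hashlib.sha256(b"root" + h_pay + h_note).digest()

def commit_payment(payment: bytes, note: bytes) -> tuple:
    # Payment and covering note are committed to separately, then together, so
    # the sender can later open the payment half while keeping the note private.
    # The returned hash is what the recipient's client acknowledges (assumption).
    opening = {"payment": payment, "r_pay": secrets.token_bytes(16),
               "note": note, "r_note": secrets.token_bytes(16)}
    return _root(_leaf(opening["r_pay"], payment), _leaf(opening["r_note"], note)), opening

def prove_payment(opening: dict, reveal_note: bool = False) -> dict:
    # What the sender hands a third party next to the acknowledged hash.
    proof = {"payment": opening["payment"], "r_pay": opening["r_pay"]}
    if reveal_note:
        proof.update(note=opening["note"], r_note=opening["r_note"])
    else:
        proof["h_note"] = _leaf(opening["r_note"], opening["note"])
    return proof

def verify_payment(acknowledged_hash: bytes, proof: dict) -> bool:
    # Recompute the committed hash from the revealed parts only.
    h_pay = _leaf(proof["r_pay"], proof["payment"])
    h_note = _leaf(proof["r_note"], proof["note"]) if "note" in proof else proof["h_note"]
    return hmac.compare_digest(acknowledged_hash, _root(h_pay, h_note))
```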