@samir the only trouble I've had so far is with sending attachments. Looks like you have #mod_http_file_share enabled (I'm not on trunk, but could use community #mod_http_upload for #XEP0363). I think this means the sysadmin could view any attachment? So I would want to wait for #XEP0454 in #prosody?
XEP-0454 is a client side XEP. Which makes sense... if it depended on server support then a malicious admin could just disable it if they wanted to read everyone's files 🙂
It just describes how the client can encrypt the data and share the decryption key with the contact - the actual upload is still XEP-0363, it just means encrypted data is uploaded. The server doesn't care.
Hope this helps 🙂