A private relay would be required here to properly enable AUTH and trust that the relay is authing against a configured ACL for your group. In that case yeah don't see the reason for encryption since TLS between client/relay and group messages are private to that relay behind auth.