On the relay side, maybe allow NIP-42 authenticated users to push gift wraps (where event.pubkey is not the authenticated user). On the client side you need to process all incoming gift wraps and only check WoT after unwrapping. That adds some spam processing overhead unless you only connect to WoT relays.
Gift wraps don't hide recipient metadata, and you can guess who is talking to each other by timestamp correlation 👀 Creating a new shared keypair for each secret chat doesn't have this problem, but it can be tricky to keep track of all the keypairs between sessions.
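
The relay-side idea above, sketched as a write policy (an added example, not part of the original post and not code from any relay implementation). It assumes signatures are already verified, that the relay keeps a precomputed WoT set, that the pushing key must itself be in the WoT, and that other kinds must be authored by the authenticated user; `admitEvent`, `conn.authed` and the sample data are hypothetical names.

```javascript
// Added example; every name here is hypothetical, not a real relay API.
const KIND_GIFT_WRAP = 1059; // NIP-59 gift wrap kind

// conn.authed: Set of pubkeys this connection has proven via NIP-42 AUTH.
// wot: Set of pubkeys the relay operator trusts (assumed precomputed).
function admitEvent(event, conn, wot) {
  const authed = [...conn.authed];
  const trusted = authed.filter((pk) => wot.has(pk));

  if (event.kind === KIND_GIFT_WRAP) {
    // event.pubkey is a one-time key, so it can never be in the WoT.
    // Gate on who is pushing the wrap instead of who "signed" it.
    if (authed.length === 0) {
      return { ok: false, msg: "auth-required: AUTH before sending gift wraps" };
    }
    if (trusted.length === 0) {
      return { ok: false, msg: "restricted: authenticated key is not in the WoT" };
    }
    return { ok: true, msg: "" };
  }

  // Assumed default for every other kind: the author must be the
  // authenticated user and must be in the WoT.
  if (!conn.authed.has(event.pubkey)) {
    return { ok: false, msg: "auth-required: AUTH as the event author" };
  }
  if (!wot.has(event.pubkey)) {
    return { ok: false, msg: "restricted: author is not in the WoT" };
  }
  return { ok: true, msg: "" };
}

// Constructed sample data (placeholder strings stand in for 32-byte hex pubkeys).
const wot = new Set(["alice", "bob"]);
const wrap = { kind: KIND_GIFT_WRAP, pubkey: "ephemeral-1", tags: [["p", "bob"]] };
const note = { kind: 1, pubkey: "mallory", tags: [] };

const demo = [
  ["alice pushes wrap", admitEvent(wrap, { authed: new Set(["alice"]) }, wot)],
  ["anonymous pushes wrap", admitEvent(wrap, { authed: new Set() }, wot)],
  ["mallory pushes wrap", admitEvent(wrap, { authed: new Set(["mallory"]) }, wot)],
  ["mallory posts note", admitEvent(note, { authed: new Set(["mallory"]) }, wot)],
];
for (const [label, res] of demo) console.log(label, "->", res.ok ? "OK" : res.msg);
```

The relay can only vouch for the pusher here; the real sender is still unknown until the recipient unwraps, so the client-side WoT check after unwrapping remains necessary.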