I have no idea TBH … I think Nostr is not actually the right architecture … but for relays to NOT become targets (in the future as Nostr scales), e2e encryption would be the way.
Gift-wrapped events have no publicly visible data except the destination pubkey and an approximate date. All else needs to be decrypted by recipient nsec…
https://github.com/nostr-protocol/nips/blob/master/59.md