> 80% of SR users didn't use PGP

I find this to be dubious. How does PGP relate to SR usage? When people communicated with SR vendors, did they use email (where PGP might matter) or did they use the SR software? Did their forum software allow people to sign their posts? How was this information sourced? Was there just an informal poll on their forums?




> I find this to be dubious.

I don't. People are lazy and don't want to use PGP because it's confusing and hard. PGP-related questions were some of the most common help problems, on /r/SilkRoad, people would regularly mention not encrypting their address (ranked up there with early finalization for being incredibly frustrating for those of us who knew what we were doing), and the Atlantis CEO stated that like 90% of Atlantis users relied on the Atlantis-provided PGP encryption rather than encrypting it themselves.

> When people communicated with SR vendors, did they use email (where PGP might matter) or did they use the SR software?

SR had an internal message system, much like Reddit's PMs. You would copy the public key off the vendor's profile page on SR (or possibly from a thread on the forums), you'd ASCII-armored encrypt your address to the public key, and paste it into an address form field during the order process. You'd do the same thing for a regular PM.

> Did their forum software allow people to sign their posts?

Sure: ASCII armor, remember. Any forum which allows you to type in text, allows PGP signing of messages. Few people bothered, except for important statements like from DPR about new rules or .onion addresses or stuff like that.


PGP isn't just for email. PGP can be used to sign and/or encrypt messages wherever you publish them.

PGP would be useful in ensuring that SR isn't tampering with your messages between any two parties on the site.


The site recommended buyers use PGP to encrypt their on-site messages to sellers (including their mailing addresses), so that even SR admins wouldn't have access to them. It's slightly cumbersome but really the only way to do secure messaging on the web, as the Lavabit story shows.
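
Added example, not written by any commenter in this thread: a Python sketch of the ASCII-armor framing the replies above rely on (RFC 4880 section 6), used the way a form handler could to tell a pasted PGP block from a plaintext address. The function names and the sample payload are constructed for illustration, and the check assumes the optional CRC-24 line is present.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 as defined in RFC 4880 section 6.1 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes, kind: str = "MESSAGE") -> str:
    """Wrap raw bytes in armor: header line, blank line, base64, =CRC, footer."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

ARMOR_RE = re.compile(
    r"-----BEGIN PGP (MESSAGE|SIGNATURE|PUBLIC KEY BLOCK)-----\r?\n"
    r"(?:[^\r\n]+\r?\n)*\r?\n"        # optional "Key: value" headers, then a blank line
    r"((?:[A-Za-z0-9+/=]+\r?\n)+?)"   # base64 body lines
    r"=([A-Za-z0-9+/]{4})\r?\n"       # CRC-24 line (optional in the RFC, required here)
    r"-----END PGP \1-----")

def check_armor(text: str) -> str:
    """Classify the text of a form field as 'ok', 'not-armored' or 'corrupt'."""
    m = ARMOR_RE.search(text)
    if not m:
        return "not-armored"          # e.g. an address pasted in plaintext
    try:
        payload = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        return "corrupt"
    expected = int.from_bytes(base64.b64decode(m.group(3)), "big")
    return "ok" if crc24(payload) == expected else "corrupt"

# Constructed sample: arbitrary bytes standing in for an encrypted packet stream.
SAMPLE = armor(bytes(range(200)))
```

This only validates the armor framing and checksum; it does not show that the payload is a real OpenPGP message or which key it was encrypted to.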



