LOC-10 - Use server-validated username to define message sender
We now use the username field that's authenticated by the server when displaying who the sender was. The "user" field has been removed from the encrypted message payload as being potentially dangerous (and no longer used in any case).
This means that it should no longer be possible to spoof the sender of messages. Instead you'd need to compromise an existing user's session or password.
The trade-off of this is that there's a slightly increased level of metadata in memory on the server, but having weighed the options in LOC-10 this was deemed lower risk than the alternative.
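
The behaviour this commit message describes, sketched as an added example that is not the project's own code: the relay stamps each envelope with the username bound to the sender's session, and the client displays that value instead of a `user` key inside the decrypted payload. The session table, the envelope shape, the function names and the base64 stand-in for encryption are all assumptions made so the example runs offline.

```javascript
// Added example, not the project's code. All names below are hypothetical.
// Constructed session table: session token -> username authenticated at login.
const sessions = new Map([["tok-alice", "alice"], ["tok-mallory", "mallory"]]);

// Stand-in for the real cipher (assumption): base64-encoded JSON, no secrecy.
const encrypt = (payload) => Buffer.from(JSON.stringify(payload)).toString("base64");
const decrypt = (ciphertext) => JSON.parse(Buffer.from(ciphertext, "base64").toString("utf8"));

// Server side: the relay cannot read the ciphertext, so it takes the sender
// from the authenticated session and drops any username the client supplied.
function relay(sessionToken, clientFrame) {
  const username = sessions.get(sessionToken);
  if (!username) throw new Error("unauthenticated session");
  return { username, ciphertext: clientFrame.ciphertext };
}

// Before: sender read from the decrypted payload, which the sending client controls.
function senderBefore(envelope) {
  return decrypt(envelope.ciphertext).user;
}

// After: sender read from the server-stamped envelope; a leftover "user" key
// in the payload is never consulted or passed on to the UI.
function messageAfter(envelope) {
  const payload = decrypt(envelope.ciphertext);
  return { sender: envelope.username, text: payload.text };
}

// Constructed frame: the "mallory" session claims to be "alice" both in the
// frame and inside the payload.
const spoofed = relay("tok-mallory", {
  username: "alice",
  ciphertext: encrypt({ user: "alice", text: "hello" }),
});

console.log("before:", senderBefore(spoofed));        // payload claim is trusted
console.log("after: ", messageAfter(spoofed).sender); // session identity is shown
```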