It would be nice to have a feature that will either encode, encrypt, or otherwise obfuscate the contents of the tunnel's websocket messages. For example:
message = "3.enc," + getElement(btoa(message));
Of course, you would also need similar functions for the guacamole-server. I wasn't able to figure out how to get it to work there; it's been a while since I've touched C. For incoming messages, after it parses these encoded messages, the "enc" handler would decode the data. Since the data is another websocket message, the handler would then need to re-parse and handle that instruction.
Purpose: additional privacy and security in insecure environments. While TLS would encrypt the entire communication, sometimes this cannot be trusted, or sometimes organizations/higher-level entities will proxy/man-in-the-middle to decrypt and inspect TLS sessions prior to re-encrypting. In these cases, it would be nice to have a means of protecting the websocket messages so that they remain unreadable (or at least encoded/not directly readable) when running over on an untrusted network.