if it is an option for you - there is an ongoing developing of Kerberos support. Besides distributing Kerberos credentials for users, there will be full encryption on TPP (server <-> moms) and encryption on TCP for clients (qstat, qsub, pbsnodes, …). Please, see the related design doc for more information.
I suppose the TCP encryption between peer PBS servers could come afterward. Especially, if the community will be interested in it. It should not be too much work to add the encryption afterall.