There should be a way to encrypt emails sent by MediaWiki. (See recent Facebook announcement of a similar feature.) The user should be able to provide a GPG public key and MediaWiki would encrypt the email with that key, and possibly sign it with some key that belongs to the operator, to prove that the email indeed originated from the wiki.
Possibly related: Verify signatures on incoming emails, maybe even only accept if signed by the user.
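A sketch of the outgoing flow described above (encrypt to the user's key, sign with the operator's key), as an added example that is not MediaWiki code. It assumes the PECL gnupg extension; the function name, its parameters and the keyring directory are hypothetical, and the operator's secret key is assumed to already be in that keyring without a passphrase.

```php
<?php
// Added example, not MediaWiki code. Requires the PECL gnupg extension.
// Function name, parameters and keyring location are hypothetical.

/**
 * Encrypt $body to the user's public key and sign it with the operator key.
 *
 * @param string $body           Plain-text mail body
 * @param string $userKeyArmored ASCII-armored public key supplied by the user
 * @param string $operatorFpr    Fingerprint of the wiki's signing key, whose
 *                               secret key is already stored in $keyringDir
 * @param string $keyringDir     GnuPG home directory used by the wiki
 * @return string ASCII-armored, signed and encrypted message
 */
function encryptAndSignMail( string $body, string $userKeyArmored,
	string $operatorFpr, string $keyringDir ): string {
	$gpg = new gnupg( [ 'home_dir' => $keyringDir ] );
	$gpg->seterrormode( gnupg::ERROR_EXCEPTION );
	$gpg->setarmor( 1 );

	// The supplied key is untrusted input: accept exactly one public key
	// and refuse anything that carries secret key material.
	$result = $gpg->import( $userKeyArmored );
	if ( $result === false
		|| ( $result['imported'] + $result['unchanged'] ) !== 1
		|| ( $result['secretimported'] + $result['secretunchanged'] ) > 0
	) {
		throw new RuntimeException( 'Expected exactly one public key' );
	}
	$userFpr = $result['fingerprint'];

	// Refuse keys that can no longer be used for encryption.
	$info = $gpg->keyinfo( $userFpr );
	if ( !$info || $info[0]['revoked'] || $info[0]['expired']
		|| $info[0]['disabled'] || !$info[0]['can_encrypt']
	) {
		throw new RuntimeException( 'Key is not usable for encryption' );
	}

	$gpg->addencryptkey( $userFpr );  // recipient: the user
	$gpg->addsignkey( $operatorFpr ); // signer: the wiki operator
	$ciphertext = $gpg->encryptsign( $body );
	if ( $ciphertext === false ) {
		throw new RuntimeException( 'Encryption failed' );
	}
	return $ciphertext;
}
```

Only the body is protected this way; headers such as Subject still travel in clear text, so anything sensitive has to stay out of them.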