Let's not confuse the issue. There is no technical reason why it can't be added to mIRC; however there is also no technical reason why it can't be (remain) a third party tool. It's important to point out that nearly every other IRC client with this feature has it implemented as a plugin/third party script. Probably the only reason Trillian requires this to be built-in is it's much less extensive third party plugin support. All other clients I know of that can implement this as a third party script do so.
In fact, there is no problem with the proper third party Blowfish scripts out there. I think most of the complaining is coming from users who are using bad implementations such as FiSH that require modifications to the executable and are therefore extremely easily broken. As mentioned, there are properly implemented alternatives available such as Mircryption that don't have these problems.
If you simply switch to one of these scripts you will solve many of your problems. These scripts are also well tested, have source code freely available and are reviewed by the community, so the malware issue is moot. Third party scripts are a reality for most people using mIRC, so the threat of malicious scripts is not new. Fortunately, the community has handled this extremely well and there have been very few isolated cases of such scripts. Assuming you get your scripts directly from the official sites, I have heard no cases of any malicious code in any of the popular Blowfish encryption scripts, and they have been widely used by enough people to be trusted.
Ultimately the question is whether it is a worthwhile use of Khaled's time. There are many things mIRC could use that cannot be implemented by a third party script, and given that there is already a number of solutions available for this feature and a relatively small demographic of users who need it, I personally see this as a low priority issue. That said, the only person who decides what goes into a version of mIRC is Khaled himself, not anybody else on these forums. Ultimately it is his decision. Personally I'd rather see things improved like the connection setup UI, dialog support and other such features rather than waste resources re-writing scripts that already exist for the sole benefit of a little extra "trust".