the "man in the middle" i was talking about was the server itself. Sorry for misusing the widely used term for a certain attack method in this case.
The encryption used is regular blowfish encryption. You can either just define your own key and share it with others through other secure channels (e.g. pgp email) or have a random key generated and exchanged.
In order for a client to identify an encrypted string the text is prefixed with an indicator. There are two different prefixes used in the wild, "+OK" and "mcps" followed by a space and the blowfish encrypted text.
Key exchange and the security of it is, as mentioned earlier, handled by the Diffie/Hellmann 1080 key exchange algorithm. http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
You can see a few different implementations at http://fish.secure.la/
when you click on "DH1080" at the top nav. There's also a wide variety of different implementations available when you google it.
Really great news that you have this on your to-do list.