I don't think that's true.
For example, isn't there a version of PGP that is open source, and it's entirely devoted to encryption.
As well, freenet is open source, and that's an encrypted p2p network.
As I understand it, all you would need is a unique private/public key pair for each session, one that could be randomly generated when limewire was started. Then when it connected to hosts, it would pass them the public key, and get their public key.
It could then encrypt messages for them, using their public key, and receive messages for it.