The Faye documentation provides some very good information on this subject: http://faye.jcoglan.com/security.html
In your case, the "How should I authenticate clients?" section is particularly relevant.
The users who are to participate in the private one-to-one chat subscribe to a channel and your application controls who can subscribe to that channel using the authentication techniques mentioned - it only allows the two expected users to participate.
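One way to implement that check, as an added example that is not part of the original answer or of Faye itself: a server-side extension that inspects `/meta/subscribe` messages and lets only the two named users onto their private channel. The channel naming scheme, the HMAC token format, the `ext.userId` / `ext.token` fields and the helper names are assumptions made for illustration; the client would attach those fields from its own outgoing extension.

```javascript
const crypto = require('crypto');

const SECRET = 'replace-with-server-side-secret'; // assumption: key held only by the app
const PRIVATE_PREFIX = '/chat/private/';          // assumption: private channel namespace

// Same channel name whichever user opens the chat (assumes alphanumeric user ids).
function channelFor(userA, userB) {
  return PRIVATE_PREFIX + [userA, userB].sort().join('-');
}

// Issued by the web app after login, and only to the two participants.
function issueToken(userId, channel) {
  return crypto.createHmac('sha256', SECRET).update(userId + '\n' + channel).digest('hex');
}

function tokenValid(userId, channel, token) {
  if (typeof userId !== 'string' || typeof token !== 'string') return false;
  const expected = Buffer.from(issueToken(userId, channel));
  const given = Buffer.from(token);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

function isParticipant(userId, channel) {
  return channel.slice(PRIVATE_PREFIX.length).split('-').includes(userId);
}

// Wildcards are refused outright: a pattern such as /chat/** would otherwise
// match private channels without ever passing the prefix check.
function authorize(sub, ext) {
  if (typeof sub !== 'string' || sub.includes('*')) return false;
  if (!sub.startsWith(PRIVATE_PREFIX)) return true; // public channels stay open
  return isParticipant(ext.userId, sub) && tokenValid(ext.userId, sub, ext.token);
}

// Faye server extension: setting message.error makes the server reject the request.
const privateChatAuth = {
  incoming(message, callback) {
    if (message.channel === '/meta/subscribe') {
      const ext = message.ext || {};
      const subs = [].concat(message.subscription); // may be a string or an array
      if (!subs.every((sub) => authorize(sub, ext))) {
        message.error = 'Subscription not authorized';
      }
    }
    callback(message);
  }
};
// Attach with: new faye.NodeAdapter({mount: '/faye'}).addExtension(privateChatAuth);
```

This covers subscription only. Faye lets any connected client publish to a channel by default, so publishing to these channels needs its own check in the same extension.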