I have a question for you sir. Who is able to read PM's sent from one forum member to another other besides the recipient?
The PM system is quite similar to any email system, they are stored as plain text in the database on my server. There's no ability in a "out of the box" installation of phpBB or on this installation at Nepacrossroads for anyone else to access to PM's unless they are the recipient but setting up such a modification is a trivial matter. Since I have direct access to the server there is no way to prevent this access by myself, I could just read them by directly accessing the database if I wanted. All this can be done without your knowledge. This is the case with any type of communication like this, your hosting provider if you have a website or your ISP could just as easily do the same thing with email. Having said that I don't read the private communications between members and you'll just have to take my word on that.
One thing to note is if you send a message to two recipients when that sets a chain of events where any replies sent from that message will be sent to the other two people. e.g if you send a private message to Member A and Member B and Member B pressses reply both your name and Member A's name will appear in the TO: field. It can be manually removed.
There's no way I can prevent myself not being ale to have this ability and truthfully I'd like to make it so I can't. This topic came up before and I did suggest such a modification on phpbb.combut it's not a trivial matter to set such a system up. To absolutely remove the ability for me read such communications you would need to use public/private key encryption like they have for email.
In a nutshell public/private key encryption works because the only one that has access to the key that can decrypt a message is the recipient. If you wanted to send and encrypted message to someone you would obtain their public key which can be used to encrypt a message. You cannot decrypt it with the public key. You need the private key to do that. For this to work on the forum presents a few problems. Firstly these keys, specifically the private key would need to be obtained from a third party or created on their local machine because only the recipient can ever have access to it or the security completely breaks down.
The recipient would then be able to upload their public key to here which will give all forum members the ability to encrypt messages being sent to them. This is another spot it will break down because the recipient needs to take the steps before encrypted messages could be sent to them. Lastly I would need to provide a way for the web page on the recipients local machine that will access their local key.
As I said it's not an easy thing to do. If you want to protect your messages here you can still do it through other means such as sending password protected zip files which I'll note are pretty easy to break or some other form of third party encryption.