As the quote says, "PM privacy is not guaranteed. Encrypt sensitive messages." theymos, sirius and a few others can view your PMs if they really need to. If you would like to preserve your privacy better, opt for PGP encryption, where only you and the receiver can decrypt and view the messages. The following is an old quote about privacy and PMs. I don't know how much the regulations have been changed by theymos since then.
Global moderators can download the encrypted database backups. Admins and past admins (Gavin, Satoshi, Sirius, me, and now justmoon) can decrypt them -- they therefore have complete access to the database and can read PMs, etc. Justmoon and I can also query the live database.
Once, back in 2014, theymos received a subpoena for the DPR case to release the deleted posts and PMs (though not really sure of the latter). But on the whole, admins can view your PMs if you didn't use PGP/GPG. Also note that if, in rare cases, your account has been hacked, the hacker can read your PMs if they are not encrypted. Hence, you should use encryption if you are dealing with the member personally. PMs are removed from the database only if both the sender and receiver delete them. But the DB is being backed up daily, hence your PMs stay in the encrypted backups, and those can be downloaded by global mods and admins.