So this has been discussed many times already. You could just use the Meta search to find the answers to your questions. theymos has already answered these kinds of questions.
A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.
Only me, Gavin, Satoshi, and Sirius can decrypt it.
You can read this topic. It contains quotes from theymos on the subject.
"PM privacy is not guaranteed. Encrypt sensitive messages."