~snip~
A limited number of people can read the personal messages. Personal messages are stored in the database in encrypted form and only those who have the decryption key can read them.
Given that my post, in which I stated, is another example of who can technically read PM, for those who do not read what others write and respond only to certain posts I will quote again. The post from 2012 is out of date anyway, unless Gavin still has the privilege of reading PMs, which would not only be illogical, but also dangerous since he's long gone to the dark side.
We don't log your IP address when the extension contacts our server but if you don't trust us you should use Tor or VPN. The extension can technically read any data from your BitcoinTalk session, including your PMs, but it doesn't do so. It collects user IDs from the page you're looking at - e.g. a list of posts in a thread - and sends that list of IDs to bpip.org to get info about those users, and only does so if you turn the optional features on (these features are off by default).
The extension works even if you browse BitcoinTalk.org without being logged in. The source code is not obfuscated and can be examined by anyone with sufficient JavaScript knowledge using developer tools built into most browsers. Same tools can also be used to check network traffic to/from the extension.