I think it two different things, PMs aren't encrypted, so when both of the sender and receiver(s) aren't delete the message, Theymos can easily check the message by visiting one of them.

But when both sender and receiver(s) deleted the message, they (Theymos, Gavin, Satoshi, and Sirius) can access the PMs through the database which need to decrypt it.