I performed a little experiment and was quite surprised to find that an admin user could view the private discussion between two non-privileged users.
I know if I really wanted, as admin of the VPS, I could see these messages in the databases (but I would never abuse that privilege without user consent).
I want discourse admins (even the account used to install discourse) not to be able to view private messages.
Are there options for that? Could that not be set as the default?