PMs are accessible by admins if the admin has the link

I’m assuming you are a staff member on the forum? You should only be able to do this if you are staff. Staff should have the ability to audit PMs by default, and admins and those with access to the DB would have access to the raw messages anyway.

If you’re needing to provide a truly private system, there is the discourse-encrypt plugin which provides end-to-end encryption of messages.