On any board. Vbulletin, phpBB, Invision …you name it.
Users can only hope and trust that an admin with access to cPanel will not do that.
Assume somebody will read your PM’s. Don’t share sensitive info. Don’t be naive.
This is how the database looks for the PM table (only opened once for the purpose of this article):
I covered the sensitive info but you get the picture.
All boards, all forums.
What is needed it’s a mod (app) for encrypting the messages in the database. In such a way to make it very hard for the snoopy admin to decrypt the info.
While there are various mods for encrypted PM’s they are a pain to install and maintain and the person installing it will still be able to decrypt the messages.
Maybe one day…