We can see people's PMs if we plug our way through the vB database but I don't think anyone on staff would actually do that intrusively. We have logs that show all queries that are run anyway - I know I've looked up my PMs in the database before, though, along with those specified by other people that were giving them problems (back before we had the reported post feature). I don't believe they've ever been looked at without the permission of either the sender or the receiver.