Josh, I'll tell you like it is. vBulletin is a php script that uses a database backbone to handle it's data. Instead of storing all information in files on disk (like old ikonboard did), it turns out a database (which is a program especially designed to handle data storage and access efficiently) gives a big performance boost so that's what most forums use. You follow?
Now, given the nature of the admin account, which is meant to be used for adminstration of all aspects of the forum, it is effectively impossible to protect yourself as a user from an admin accessing or changing your data. For example, the password to your account is stored in the database encrypted. The algorithm is a one way encryption algorithm, which means that once something is encrypted, there's no way to get it back. What vbulletin does to check your password is that it encrypts what you type and compares it to your encryped password stored in the database. In other words, I can't look up your password if I wanted to.
BUT, none other forum data is stored encrypted. Even using a normal encryption algorithm (one where you need a password to decrypt) it would take far too long to decrypt pm messages. It would slow down the forum and cut back on the amount of traffic the forum can handle. Pms are stored in plain text.
Now, your averge vbulletin forum admin probably does not know how to access pms anyway. An admin is not meant to read pms and there is no function in vbulletin to do so. But if you know how to access the database directly (which of course I do because they teach database programming at my college), then of course you can. I don't know whether it's a common practice among admins, I really can't imagine it could be and I don't see the incentive to read people's pms anyway. But technically it is possible, yes. If you have access to the database.
++ [ originally posted by Zlatan ] ++
You know, with Erik as mod I am a bit afraid.