Finished on the phone now!
The answer is pretty much as Domski says above - only webadmin people (myself, Flanks and Frank) have the necessary database passwords to be able to 'hack' into the database should the need arise. I doubt that either Flanks or Frank have the required software though to access the database direct!
The PM's (and anything else on the web) is as secure as an email - i.e. unsecure !!! Emails do not always go to the people they were intended to go to (that's why so many companies put disclaimers at the end of their emails these days) and you should never send complete credit card info on an email. I've seen some people who send the main numbers on one email and the expiry date info on a second - then only if both emails go astray can anyone make use of the information. Having said that I would personally never transmit financial info via an email - much more secure to use a phone !
As for any of the webteam reading peoples PMs... why would we, there's enough stuff to read on the main website ! Anyway we do have other things to do with our lives as well
Eamonn.