As nobody explicitly stated it, that's just what happens when you quote Outbox messages (perhaps SMF sees the Outbox as messages sent to the other user (main message) and you (Oubox message)). If you don't want a copy of your new PM, just remove your name (and the comma) from the "To:" field.
It's just like being able to email yourself. It's useful for saving things that you might need (like a stock response). I have also found this useful for doing some testing with BBCode but without having to make a thread.
I never really thought about it honestly , could those P.M be considered as "valid" If you for example put your address there or your PGP public key instead of stacking it in the usual thread ?
A little off-topic but yeah it would, unless the hacker would find said PM and delete it (at which point you'd have to hope theymos doesn't mind digging in several month old backup files). It's best to just PM a user that doesn't delete PMs (an alt you never log back into or DefaultTrust (yup, that's an actual user - a placeholder user for the DefaultTrust feature)).
