The NSA probably already has them archived
.
Actually thats not so likely. The forum uses SSL encryption with perfect forward secrecy. It's unlikely the NSA obtained copies of PM's unless either:
a) either you or the receipient were the victim of an SSL MITM attack when sending/receiving the PM.
b) theymos or the hosting provider has given the NSA access to the forums database.
c) spyware on recipient or senders machine.
d) backdoor in forum software
A is completely preventable thanks to Theymos. You can verify, store and manually check the SSL cert because theymos signed a PGP message containing the certs fingerprint. SSL observatories built into browsers such as TOR browser also mitigate the risk of an SSL MITM.
B is unlikely
C is probably the easiest way to do this
D is incredibly difficult to do because the forum software is open source
As you said, any sensitive data shouldn't be transmitted over PMs here or anywhere else over the net without being encrypted.
Yes, but unfortunately that is not always an option and sometimes people slip up and do not encrypt information and realizing months later that they should have.