I think it's just that instance admins can read it and it will be sent via ActivityPub unencrypted if the account is on another instance. I'm not 100% on it not being sent if you message someone on the same instance.
I think you can link your profile to Matrix to enable a secure messaging option, but I've not bothered with that yet.