Even on traditional centralized platforms I’ve never treated DMs as “private.” Anything not end-to-end encrypted cannot be considered private and never has been able to be. Once again, these aren’t exclusive issues to the Fediverse.
With that said, I do see it as important to draw attention to these types of things. Users should absolutely know not to share sensitive information via DM, or make the mistake of considering them a secure medium on any platform, centralized or not.