Only admins and above can do that kind of stuff. And trust me I've had my account taken over (in the past) by admins before so I know quite well how the system works. If your talking about hacks, well why hack a user when you can hack an admin.
Ok not likely, but my point is on any given site admins can take over your account if they want to. This is not uncommon for websites to be able to do this kind of stuff folks.
As for SP with security, the voting system has an extreme lack of security, I know about a million ways to cheat the system but your not going to see me do it!
So I have yet to see summitpost hacked, so I think they got decent security here.
So why do you say "I'd like to give it a 10, but it is late. Will you do it for me?". It's not possible for a non admin to do that.
As for the info on chat/pm's, I guess I could understand the chat one because Matt has easy access and can see the last 10 chats, but not so much on pm's. If you want to go that far, there might as well be a disclaimer on the profile saying "Note: Site owners can view your password inside the database, you have been warned". I'm not actually suggesting that be done, but I'll bet the database is rarley visited by the site owners (although Matt might for updating stuff). But as I said I guess I understand for the chat part because that can be seen without even looking inside the database.