Yes, and this was known to the main developer. There were easy ways to make it at least private if the other server was trusted, but they chose to not implement them.
this doesn't make much sense. The very easy way to add AP-level privacy to ostatus was to just use a different salmon endpoint for private messages. This way, messages would never have federated to servers that don't respect privacy settings (by accident. if the server leaks on purpose, that's a different story).
This solution was discussed at length with mastodon devs before the implementation of the private messages. It was ignored. Now we have a situation were Mastodon is likely to switch off OStatus soon, leaving behind all those projects that don't have the dev resources to rewrite their core federation systems every few years.
The Ostatus/AP dual stack is also pretty hacky and not even valid according to the AP spec, although it's getting better all the time.
All of this without breaking compatibility across instances running different versions; quite a nice piece of engineering IMHO.