Disk-level encryption is recommended for encryption-at-rest. Because admins have the key, they can read anything in the database, including direct messages, which is similar to how email works if you self-host it.
There’s a feature idea for allowing end users to encrypt their messages so admins can’t read them.
Please consider upvoting it if it’s a feature you’d like to see?