Sure. The same goes for email, Twitter, Telegram, Nextcloud and any other service that is not end-to-end encrypted per default. However, I see the least danger with Mastondon, since the discussions usually take place in public anyway.
And: I don't know if this is only the case with the instance on which i am, but Mastodon is even transparent and displays the following hint when you want to send a PM.
> Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon.
And: I don't know if this is only the case with the instance on which i am, but Mastodon is even transparent and displays the following hint when you want to send a PM.
> Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon.