Realizing that the contents of Mastodon DMs are accessible to your and your recipient(s)' administrators is a little scary, but!
(a) it's little different from how other social networks work and
(b) it might motivate you to explore what's called end-to-end encrypted messaging services, like Wire or Signal
Note: There are trade-offs to both of those options, and of course there are other services as well, but those two seem to be decent choices
(And obviously you can put your Wire username and/or Signal number in your Mastodon profile)
I realize now that the Wire link above isn't ideal for new users (thanks @lx4r for pointing that out)
Here's a nice guide to getting started with Wire: https://medium.com/@mshelton/wire-for-beginners-8ee6caef49cb (though it is on Medium fyi)
Also, note that both Wire and Signal are currently centralized services (unlike Mastodon!). As some have pointed out, there are federated/decentralized e2e options, including XMPP, @matrix and even PGP, but I (personally) find Wire & Signal easier to set up and use.