The only threat to message data on Discord is third party bots like mee6 who are gateway connected to tons of public, private, and "small friend-group" servers, vacuuming up every message data to some data lake for later use. This is why Discord pushed Application Commands[0], which only receive data from Discord when the application is initialized by the user, and made Message Contents a privileged intent[1] that requires identity verification if your bot is in 100 or more servers.
I don't think the idea of rogue Discord employees accessing uploaded images for nudes or searching logs for personal information is far fetched.
Consider that a Ring employee was doing exactly that, with customer security cameras, and the only reason they were caught is another employee reported them (and Ring has no idea how many other employees were doing the same thing). [1]
Oh for sure, IRC has a similar problem (except there are no images hosted on IRC).
But if the analog for a "private" Discord server is a private IRC server then in one you're trusting all the employees and in the other you're trusting yourself (or whatever admin).
And there do exist IRC client plugins that allow for E2EE chat (but I've never met anyone who used them).
IRC certainly has plenty of problems and Discord is very convenient but I think assuming privacy is assured on Discord is a bad bet.
0: https://discord.com/developers/docs/interactions/application...
1: https://support-dev.discord.com/hc/en-us/articles/4404772028...