I reported a security bug to Slack. The response was: working as intended
I find the conclusion disappointing. IMO, think twice before adding collaborators on a Slack app intended for supporting local development. They may be able to read your DMs.
Scenario: Alice (dev), Bob (manager), and Eve (dev and eavesdropper) are all part of the same Slack team