iMessage uses the Apple Push Notification Service. This is like a secured email relay server where the sender & receiver IDs are ephemeral tokens. If you trust the CA & certificate chain, then it's reasonably confidential. The question is where you keep your historical messages - on your device, or on their cloud.
The long & short of it is that Apple can't get at your iMessage contents or history if you don't use iCloud backups and don't subscribe to Apple's desktop password recovery service (duh).
(a) iMessage is end-to-end encrypted. There is metadata about who is messaging whom because it is distributed through the Apple Push Notification Service. This identifying metadata consists of ephemeral tokens generated by the sending server and the receiving device. And there is a small amount of encrypted message history kept for the PNS to resolve pending messages to all subscribing devices.
(b) Some iOS Backup files are not accessible by anything but the original device because they are encrypted by a combination of the device UID and your key. Mail for example. No one can get at them other than someone with 1. your password and 2. your device.
(c) iMessage files aren't protected like this since you CAN restore them across devices. But this is by design -- only way for iMessage history to be retained is through a backup.
(d) There are two backup approaches: iTunes (on your PC/Mac), which encrypts via a password, or iCloud.
(e) With iCloud, Apple could get at your backups because they could reset your password.
(f) Therefore, make a determination as to what is more secure: your PC/Mac's password, or your iCloud password (and Apple's willpower not to reset it at the request of the NSA). Back up your iOS (and thus iMessages) devices there. Or don't backup at all, and no one will see any history.
The long & short of it is that Apple can't get at your iMessage contents or history if you don't use iCloud backups and don't subscribe to Apple's desktop password recovery service (duh).
Apple's iOS Security Whitepaper adds some light: https://www.apple.com/ipad/business/docs/iOS_Security_Oct12....
In short,
(a) iMessage is end-to-end encrypted. There is metadata about who is messaging whom because it is distributed through the Apple Push Notification Service. This identifying metadata consists of ephemeral tokens generated by the sending server and the receiving device. And there is a small amount of encrypted message history kept for the PNS to resolve pending messages to all subscribing devices.
(b) Some iOS Backup files are not accessible by anything but the original device because they are encrypted by a combination of the device UID and your key. Mail for example. No one can get at them other than someone with 1. your password and 2. your device.
(c) iMessage files aren't protected like this since you CAN restore them across devices. But this is by design -- only way for iMessage history to be retained is through a backup.
(d) There are two backup approaches: iTunes (on your PC/Mac), which encrypts via a password, or iCloud.
(e) With iCloud, Apple could get at your backups because they could reset your password.
(f) Therefore, make a determination as to what is more secure: your PC/Mac's password, or your iCloud password (and Apple's willpower not to reset it at the request of the NSA). Back up your iOS (and thus iMessages) devices there. Or don't backup at all, and no one will see any history.
(edits: for clarity)