X's documentation explicitly states:
"Direct messages are not protected against hacking or unauthorised access."
If messages aren't protected against hacking, they're not encrypted properly.
This is encryption theatre, not encryption.
Words matter in security.