As title. When the privacy settings are set to to Members Only or People You Follow Only, the identities can be viewed by everyone in the message user info when the option "Viewable in message user info" is checked.
Given it's been like this since 1.1, I'm surprised this hasn't been mentioned before. There is an element of expectedness (code-wise), but equally it would be unexpected to the end user. I should note that the various other message element style properties don't take any permissions into account, though nothing is explicitly called out as a privacy entry for those values specifically.
Logistically, I think this will probably end up going down the route of not showing the info at all when you only show it to followers (or no one) and showing it conditionally if you only show it to members only.
I have now changed this as explained above: if you set your identify privacy to followed/none, it will not be shown in a message in any case; if you set it to members only, it will only be shown to members. This change has been applied to posts and conversations.
Note that this requires joining the user_privacy table. I have folded this in to the user_profile join for posts to make it easier and it will be included when getting conversation messages, but if you have a custom content type that uses the message template, you will need to add this join or contact fields will no longer display below the user info.