I'm making it an UBN only because we do have people reporting sensitive things in this manner and they more than likely will not understand the intended (or conversion) confidential nature of their filing (isn't sticking.
Played with a bit on T101665 and saw no ACL affects. I did see Mediawiki Security Bug setting activate appropriately, but not OCI. This is most likely since last upgrade, although I didn't test / don't know if it was tested on the one prior to that.