I filed a new task (152957) and marked it as Security: "Other confidential issue" as it included privileged information. To my surprise, right after I posted it, I saw wikibugs mentioning it at the #wikimedia-operations IRC channel, and its contents were visible to all (the visibility/edit policy were set to public/all).
As far as I understand it, this option does nothing, while claiming to protect confidential data. This is an extremely dangerous option that could result in data leaks. This should be fixed ASAP, and an audit of tasks that were marked as confidential should be made.