I cannot use a BotPassword to make the above query, despite having all the boxes checked. Using my normal admin credentials on en.wp works just fine. Therefore, I should be able to grant a bot or an OAuth consumer the privileges necessary to undertake restricted AbuseFilter actions (e.g. read private logs and view private filters).
I think this would be better off as part of "View restricted log entries". There's also
which I think would need separate OAuth grants.