Copying from T309665#7973433:
In T309665#7973433, @Daimona wrote:I just realized that if you can view Special:AbuseFilter but not private filters, every private filter will still be on the list, and you'll be able to see its information (except for hit count). The filter's name is even clickable, although you get a permission error if you try to open it. [...]
I think a better approach would be to hide private filters *completely* from Special:AbuseFilter and the API. Otherwise, LTAs can see how many filters are there that target them, when they were last edited, what their actions are, etc. In fact, I think that the concept of "private filter" should refer to the whole filter, not just its rules.