sandroAnother approach would be to make a different rel and a different endpoint, rel=privatemention, but that seems kind of silly. I think just webmentions need to be treated as if some parameters in the mention might be highly sensitive -- only store/expose the parameters you know are safe.
