Yes, it is.
If I do a query with populate, it shows fields marked as private. Isn’t that a bad thing?