
External recipients feature is leaking content of confidential issues

GitLab still does not allow invitation of external participants to confidential issues, which is sad because the alternative is to add them to the project and they can see all confidential issues, which might not be what you want. But there is a workaround to that problem, External Participants, which seems to be doing its job; I tried this out today. Except, it seems our GitLab hardening has no effect in that case, as the person I added got the confidential content directly into their inbox. Now, this might be a trade-off we are willing to make. But I am not sure about that, hence this ticket. If we think that's fine, then I think this might warrant some documentation so folks are not surprised.

Edited by Georg Koppen