I've neen wrestling with this problem for a little while. My aim was that I wanted to make it harder for someone to map the whole network and read everything that people post publicly. The aim was not to provide any kind of false security.

The first problem is that anyone can connect to a pub and just start downloading feeds. For this I have created ssb-incoming-guard git-ssb, a plugin for scuttlebot, that you can install on a pub and then it only allows incoming connections within hops of the pub. It still allows anyone to use invites.

The second problem is that when doing outgoing connections, it should be possible to only connect to users and pubs within your hops. This is closely related to the work @piet is doing on replication, so I'm awaiting the outcome of that so see how an option can be added for this.