for making pubs check if the inbound connection is within their friend hops before replicating data.
However, I don't think this will quite solve the issue. It seems to me that if you put data in public, someone will find a way to discover it.
I do think that @dominic's next step towards private groups is closer to a solution. It'd make random crawling of a message difficult for people who do not have the decryption key. However, you still have to make sure no one shares the decryption key.
This is a difficult issue to solve when you're publishing to an append-only log.
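
The hop check mentioned at the start of this post, sketched as an added example that is not part of the original post or of any Scuttlebutt project code. The graph shape, the feed ids, and the function names `hopDistance` and `allowReplication` are assumptions made for illustration.

```javascript
// Constructed follow graph: feed id -> { follows: [...], blocks: [...] }.
// The ids are made-up placeholders, not real feed keys.
const graph = {
  '@pub':     { follows: ['@alice', '@bob'], blocks: ['@mallory'] },
  '@alice':   { follows: ['@carol'], blocks: [] },
  '@bob':     { follows: ['@mallory'], blocks: [] },
  '@carol':   { follows: ['@dave'], blocks: [] },
  '@dave':    { follows: [], blocks: [] },
  '@mallory': { follows: [], blocks: [] },
};

// Breadth-first search from the pub over "follows" edges.
// Returns the hop distance to target, or -1 if the target is blocked by the
// pub or is not reachable within maxHops.
function hopDistance(graph, root, target, maxHops) {
  if (root === target) return 0;
  const blocked = new Set((graph[root] || {}).blocks || []);
  if (blocked.has(target)) return -1;
  const seen = new Set([root]);
  let frontier = [root];
  for (let hops = 1; hops <= maxHops; hops++) {
    const next = [];
    for (const id of frontier) {
      for (const followed of (graph[id] || {}).follows || []) {
        // Skip feeds already visited and feeds the pub itself blocks.
        if (seen.has(followed) || blocked.has(followed)) continue;
        if (followed === target) return hops;
        seen.add(followed);
        next.push(followed);
      }
    }
    frontier = next;
  }
  return -1;
}

// Gate to call once an inbound peer has authenticated, before any feed is sent.
// Unknown peers and peers beyond maxHops are refused (default deny).
function allowReplication(graph, pubId, peerId, maxHops) {
  return hopDistance(graph, pubId, peerId, maxHops) !== -1;
}
```

The gate only limits which peers this pub will serve; a peer inside the hop range still receives the data and can pass it on.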