> "My world is one where the spec for the social protocol we're using encourages recipients of messages to forward them on to unknown 3rd parties."
Which requires them to be public for this to happen, because you're only forwarding pointers to the messages - not the messages themselves. These need to be fetchable by the third party. Unless you've somehow enumerated this remote list of actors, you're sort of forced to make these posts public.
Let's take private groups as an example. Bob is connected to Pgroup (a private group). Marty is also a member of Pgroup. Bob sends his private post (because it's a private group) to Pgroup. Pgroup has permission to fetch the post, because Bob has given it permission to do so. But it doesn't need to do so as the post was delivered. Bob has no direct relationship with Marty, but both are members of the group. Pgroup cannot send a link for the post to Marty, because Marty won't be able to fetch it. She was not given permission to access it by Bob. Only Pgroup has permission to do this. The only way that Pgroup can get the message to Marty is to embed it, and the only way to verify that Bob wrote it and sent it to Pgroup is if the embedded object is signed by Bob.
Marty's relationship is not with Bob either. Marty will only accept messages sent by Pgroup. And since this is a contained private conversation, Marty will only accept Add/Remove objects from Pgroup with that conversation (Collection) as the target. This activity is signed by Pgroup. The Add'ed activity to the target Collection is signed by the author - Bob.
In this scenario, everything is flowing through deliverables and not through fetchables, everything is verifiable, and Bob does not need to open the visibility of his post on his site to unknown third parties in order for other group members to access it. You still might need http-signatures in some form to verify actor fetches, but nobody really verifies or requires these today if they still want to federate with anybody, so it's kind of a moot point.
> "My largest concern is that someone's server automatically repeats whatever it hears."
They can do this today.
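The private-group flow described in this reply, sketched as an added example that is not part of the original post or of any project's code: Marty accepts only an Add/Remove signed by Pgroup that targets the conversation, and for an Add checks that the embedded object is signed by its author. Assumptions: Ed25519 keys, the `{ body, signer, sig }` envelope, the canonical JSON serialization, and the actor ids and URL are all constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed actors and keys (assumption: Ed25519; the post names no algorithm).
const keys = {};
for (const id of ['bob', 'pgroup', 'mallory']) keys[id] = crypto.generateKeyPairSync('ed25519');
const publicKeyOf = (id) => keys[id] && keys[id].publicKey;

// Deterministic serialization so signer and verifier see identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  return JSON.stringify(v);
}

// Hypothetical envelope: a body plus a detached signature by `signer`.
function sign(body, signer) {
  const sig = crypto.sign(null, Buffer.from(canonical(body)), keys[signer].privateKey);
  return { body, signer, sig: sig.toString('base64') };
}

function verify(env) {
  if (!env || !env.body || typeof env.body !== 'object' || typeof env.sig !== 'string') return false;
  const pub = publicKeyOf(env.signer);
  if (!pub) return false;
  return crypto.verify(null, Buffer.from(canonical(env.body)), pub, Buffer.from(env.sig, 'base64'));
}

// Marty's inbox policy for one private conversation (Collection).
function martyAccepts(env, group, conversation) {
  if (!verify(env) || env.signer !== group) return 'reject: not signed by the group';
  const act = env.body;
  if (act.actor !== group || !['Add', 'Remove'].includes(act.type)) return 'reject: not an Add/Remove from the group';
  if (act.target !== conversation) return 'reject: wrong target collection';
  if (act.type === 'Add') {
    const inner = act.object; // embedded in the delivery, never fetched from the author's site
    if (!verify(inner) || inner.signer !== inner.body.attributedTo) return 'reject: embedded object not signed by its author';
  }
  return 'accept';
}

// Constructed sample: Bob's post to Pgroup, relayed by Pgroup to Marty.
const CONV = 'https://pgroup.example/conversations/1';
const post = sign({ type: 'Note', attributedTo: 'bob', to: ['pgroup'], content: 'hello group' }, 'bob');
const relay = (object, by) => sign({ type: 'Add', actor: by, target: CONV, object }, by);
console.log(martyAccepts(relay(post, 'pgroup'), 'pgroup', CONV));
```

Because the author's signature covers the embedded object itself, a group that alters or fabricates a member's post fails the inner check even though its own outer signature is valid.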