There's no such thing as a private relay, only a secured relay. Someone will have access to the notes, and since any user/client can verify that you signed the note, any of those people or their clients can republish the note, and often do, to any relays they might want.
Discussion
Ok, secured/private, choose your semantics. It’s less around the ability to, just like anyone could photocopy an invoice, but there are social and digital controls around ‘shoulds’ that are created per group collaborative processes. So, within the ‘secured’, the same question applies and the point of being able to send info between ‘secure’ locations is the point of being able to validate across ‘secure’ environments. So the question stands, regardless of your word choice.
The problem isn't that people shouldn't share the note with other relays, it's that they could and inevitably would. The note is self-authenticating, if it's valid, if it's Nostr. The server isn't the database of record, or anything. If it's read by someone other than you, it can be shared and instead of it being someone just claiming you said this, it would be as if you said it yourself, and all of Nostr would accept it as valid and authored by a public key.
Sure, that’s literally the start point for corporations to be able to validate documents cross-platforms without having to re-validate things like invoice signatures. Sure, the whole network would recognize it, but companies would then find social controls to try to keep that under lock - that part hasn’t changed, indeed. But it helps ensure DBAs didn’t mess with the data in the meantime.
It's like an email. You don't say anything in an email, you wouldn't want the whole company to see. Because emails get forwarded, cause thats how email works.
That’s fine and doesn’t change how a diverse set of applications could leverage the ability to sign/validate data and share the data cross-platform without the need to have users revalidate their work in each system.