It is def an issue that is worth considering and sometimes comes up - @mikedilger brought it up in a nostr thread with me a week or a few weeks ago, that he wouldn’t want all of his trust attestations out there for the world to see. I would envision trust attestations to be public in the early versions of the Grapevine, just like follows list; but in later iterations, you will be able to keep some trust attestations private if you wish, in which case your Grapevine can still use them to calculate Influence Scores, curate your content, etc.

One other thing about the Grapevine: I can give you a trust rating based on my personal observation, or I can convey an influence score based on what my Grapevine tells me, and the format of these two pieces of information is the same. Which means you can benefit from my first hand knowledge that I provide to you but at the same time I can have plausible deniability by making it ambiguous whether I’m giving you first hand info versus just telling you what my grapevine told me.