I agree that it would be better if users don't see tags that exist within "private" spaces.
ALL data AND metadata within a private space should be private! Otherwise the space isn't really private.
If this can't be done, it needs to be made clear when you are tagging something that "tags may be seen by anyone, even if your content itself is private" -- again, this is not ideal but would still be a slight improvement over the current setup.
I wanted to post an update to this discussion for anyone else seeing this behavior - Based off of a support case investigation it's been determined that there are no permissions applied to the visibility of tags. Permissions and visibility are only applied to the content (like a document or a discussion).
For example, a user may create a secret document and tag it with "MySecretTag". Other users are not able to see this private document, and cannot see what tags are associated with that document, but users will be able to use tools like the Popular Tag widget to see that the "MySecretTag" tag exists, although they will not be able to see what content is associated with the tag.
I realize this is slightly confusing and may not appear to be correct, but our engineering team has determined that this is the expected behavior given the current implementation of tags in the Jive platform. If there is a larger concern with how this feature works I'd encourage you to create a new idea in the Ideas for Jive to raise awareness of this and help our product managers understand the importance of this.
Going forward, as a general rule of thumb, it is advised that content authors avoid using tag names with confidential information, as this information is exposed to the larger user base.