When a user reports content that is in a hidden node only accessible to users in Usergroup A, users in Usergroup B will be able to see the thread content. Users in Usergroup A are Administrators, users in Usergroup B are Moderators. In this example, both should have access to the Reports Queue.
This seems like a very uncommon use case, but it seems since there are no permissions checks hidden information could be exposed this way.
I fixed this one. It was because the Permissions were not all set to Revoke in the Node Everything but View Node was set to Inherit from the Category. Users in the group could not view the node, but in certain cases (like the Reports) could see the thread content.