One of the recurring complaints against WordPress is that its only means of "protecting" posts is by password, which means that everyone knows a private post exists — including the title, post data and time — but only the "select few" get to read it. LiveJournal users can restrict post visibility to their friends list; and other blog packages with more granular access controls can restrict posts in various ways.
I've created a modification for WordPress 1.2 that allows authors to select a minimum user level required to see posts. If a user is logged in, and of sufficient level, they see the post. If the user is not logged, or not of sufficient level, they see no indication that private posts exist: nothing on the index, search, syndication feeds, or calendar display.