also strip title from notification of private messages - it leaks potentially sensitive message info. Note: there is still information leakage of sender but this is difficult to avoid completely. "You've got an email from (we're sorry, we can't tell you...)"

include/enotify.php

@@ -397,7 +397,7 @@ function notification($params) {
 					if(! $private)
 						break;
 				case NOTIFY_MAIL:
-					$datarray['textversion'] = $datarray['htmlversion'] = '';
+					$datarray['textversion'] = $datarray['htmlversion'] = $datarray['title'] = '';
 					break;
 				default:
 					break;