Comment 14 for bug 3165

For example, It would be nice to have a toggle on account level to not mail out notifications about private things ever.

Or, for example, make a secure notification with a generic text and obfuscated authenticated url which will redirect to the whatever the notification is (i.e. build failure, bug report, merge proposal, etc). Apparently some banks in US do "secure mail" this way, to enforce TLS+http retrieval of notifications.