Verifying that you have fully tested code is ALWAYS, IMHO, better than following privacy fetishes.

There are often good ways to restrict privacy AND have fully-tested code. (Michael Feathers has written extensively about this.) But when they appear to be in conflict, choose the tests. Privacy rules are an artifact of ancient ways of thinking about programming languages: there's nothing sacred or inherent about them. We build modules in layers, like an onion; privacy rules simply haven't caught up to good design principles.

Some languages have built-in support for visibility to unit-tests, e.g. "friend of" declarations and the like. Where that is not possible, we can still warn other developers that a function really wanted to be private, with attributions or naming conventions.

(FWIW, I was the unit-test evangelist/mentor for a 1M LOC project, and with my guidance/wrist-slapping/carrot-giving :-) we went from 40% coverage to 74% before I retired.)