Marking variables private does not mean that they cannot be read on-chain. Private data should not be stored unencrypted in contract code or state but instead stored encrypted or off-chain. (see here)
- Privacy of On-chain Data
- private Variables != Cannot Read
- Blockchain Txs & State
- On-chain vs Off-chain
- Private Data -> Encrypted Off-chain