I create a new private repo. However, when I go to admin the repo, wiki and issues appear public.
I suspect most people expect private repos used for development to be private, including issues / wiki.
Security should be declarative. So I'd lean towards making the wiki private if repo is private, but still allow developer to make it public if needed.