When creating a task for a feature, everybody can read it. However, some tasks are only from e.g. a manager to a specific employee. In such a situation, only the manager (aka the creator of the task) and the employee (the assigned) should be able to read it.
This would make it possible to manage all tasks in Aha, as now the private ones have to be managed in another package to ensure privacy.
It is possible to create private To-do's by creating a To-do from the + sign in the top right corner of the application. Any to-do's created here would not be accessible from the Feature detail. It would also be possible to reference the feature (via # sign) in the To-do description so that the feature can be easily referenced/hyperlinked from the To-do.
As you described, To-do's on features can be viewed by all users who have access to the product. This is purposely designed for greater transparency across the organization.