Oddbean new post about login | logout It doesn't, that's a trade-off. I've considered allowing users to pick public/private reports, because public reports of spam would be far more useful/less dangerous than public reports of e.g. csam or harassment.
Private by default with option to make it public seems is a great idea. I think it's all about providing visibility setting. In between - where you report it to trusted delegated party is what would be default for me.