pop Your scheme to hide the comments for each section in a different file is vulnerable when you let users edit the page. As soon as one happens to change a section header, any reference from the hidden comments file to the header will be broken. There is no other way to address a section than by the text in its header.
For consistency's sake, it would be a flaw, but not a vulnerability. For this specific scenario a vulnerability would be exposing to the general wiki user that there's any shenanigans happening behind the scenes, which is what I'm hoping to avoid at all costs. If a user edits a heading and that invalidates some admin notes until I make a manual edit to the admin file, that's absolutely fine for this step in my proof of concept.
After I have the header replacement working like I want (once I try out the suggestion around getSort) the next goal will be to change the behavior for editing a page so that any section heading changes are reflected on the admin notes page in some capacity. Given the code in the "include" plugin already covers opening a related file and parsing through it's headers, it should be possible to perform a text diffing on the section headers between the public and private files during an edit, and then inject any missing headers into the private file. Since that description was a bit clunky, this is what I mean:
If my original page has the headings ====== Main Title ======
, ===== Subtitle =====
, ==== Subsubheading ====
, and ===== Second Subtitle =====
, then the admin page should have those same headings in the same order (may or may not have content under each heading in either file). If a user then changed "Subtitle" to "Subheading", one of two scenarios should happen
1) The admin file injects a new heading titled ===== Subheading =====
before ==== Subsubheading ====
, since that's the section that immediately follows the "new" section on the public page, while leaving the original ===== Subtitle =====
heading alone, or
2) The admin file identifies that the surrounding headings did not change, so considers it a rename and it renames the ===== Subtitle =====
heading to ===== Subheading =====
In scenario 1 there would be manual work necessary on my part to correct this rename/duplication, but in scenario 2 there wouldn't really be much interruption at all when modifying a header. The worst thing that would happen in scenario 2 is that I have to do some work behind the scenes to clean up references after my users make edits to heading titles, but that's really so little work that I'm not too concerned about that issue (assuming that I can even get to that point, that is). My overarching concern is that I want the users of the wiki to be 100% divorced from any of this admin-notes nonsense, so I'm fine if some method falls short and would require manual work from me on the backend of things, I just don't want the users to have to deal with it at all.