When an user tries to access to a non-existent forum or topic, he or she gets one of these messages : "The forum you selected does not exist." or "The requested topic does not exist."

If he or she tries to access to a private forum or topic, he or she gets one of these messages : "You are not authorised to read this forum." or "You are not authorised to read this forum.". Regardless the visibility of the private area.

My opinion is the message should be different if the private forum is also not visible to unauthorised users (when the permission "Can see forum" is disabled). If the forum is not visible, we can assume administators want unauthorised users don't know its existence. Therefore, the error messages for the unauthorized access should be the same those for non-existent forum or topic, and the HTTP header for the output page should be 404 instead of 403.