Your document still talks about user choice and configuration of what information is given out.

This reflects the common mistake here. You think of technologies like this as ways to control how your information is given out. They also need to be thought of as technologies that facilitate the giving out of information.

Unfortunately, you just can't facilitate the giving out of information without causing information to be given out more often.

The only way I can see to make it work is if you don't give out information. Instead you receive tasks to be done with your information, and do them for the outside application.

However, the problem is you can only do tasks that have been defined. Alternately, you can import generic code to do tasks, but you need a way to trust that code, since it could of course just suck in all your information and export it.