It would be great if there was a way for plugin maintainers to add additional information to plugin update notifications that are not published publicly/to the plugins database, for example providing information about security fixes to prompt admins to update ASAP without having to publicly disclose the vulnerability fix immediately.

Since there might be non-security uses for this too, an optional way to flag "This update contains security fixes" would also be useful.