It is a combination of everything said.
Many developers don’t think about boundaries because the language has no constructs to say so (besides @moduledoc false and @doc false, which are minimal). This means people don’t write annotations, which means that even if a developer would respect those boundaries, the boundaries are not there. And similarly, because those boundaries are not easy to check, you may accidentally cross them, even when they are defined.
For example, imagine you want to provide a reduce_with_super_power. You may do so by copying Enum.reduce source and then changing it a bit. The problem is that Enum.reduce called a private module, but you didn’t bother to check everything the code was calling when you copied that small snippet, and now your code may break in the next Elixir release.
This is just one example. Working on Ecto, Plug and Phoenix I saw it happening in other situations too. However, if someone knows that something is private and they decide to call it anyway, then there is nothing we can do. But at least they have been told so.
In general, it is about intent and communication and it is really hard to show intent and communicate when you have limited constructs to do so.
