It's just the way the Flarum visibility API is designed.
Extensions have 2 choices: set things to visible by default and add SQL conditions to exclude things, or set things to hidden by default and add SQL conditions to make them visible. As you correctly suggest, the goal is to avoid content becoming public if the extension is disabled or encounters an error.
Posts are a bit more complex than discussions because part of the SQL query checks if the user can see the discussion, so is impacted by both constraints.
At some point during the beta there was only one of the 2 that had
is_private, and I remember the second one was added to Flarum specifically to make this easier and safer in Byobu. I'm not sure which one it was and in which beta though.
Looking at Byobu source code, it seems to be only using the Discussion private API, and doesn't touch the one for posts.
Maybe it's a leftover from a very old version? In this case you should indeed set
is_private to 0 on posts.
The posts private API is used by other extensions and maybe it's those extensions that are interfering with Byobu. The Approval and First Post Approval extensions for example will set the flag, and remove it after the content has been approved. I'm not sure how it interacts with private discussions by Byobu.