The main problem is that: privacy issues are deeper than that, the
question could be misunderstood without a larger context, and there's
already a set of documents discussing most of that larger context (RFC
6973, the perpass problem statement draft, etc.).
The Document Shepherd Write-Up currently doesn't reference security
guidelines directly. Instead of asking a few specific questions in the
shepherd's writeup as you suggest, consider adding the privacy/perpass
docs to BCP 72 (which already includes RFC 3552) as they are approved,
and then optionally add a question to the shepherd's writeup that
refers to it, in order to emphasize the increased attention to the
issue.
FWIW, I do not feel strongly about this topic but my personal opinion is that
if we do something with the shepherd write-up, it should be on the general
level outlined by Scott above. (But I think the documents themselves are more
important than the write-ups. A few years down the road, I'm sure the reader
like to know what the thinking on security was on such and such RFC. On any
aspect of security, PM or otherwise. When there's something to say, of course,
which isn't always.)
Jari