diff -r f924dd043974 -r 33b7283a3828 mercurial/streamclone.py
--- a/mercurial/streamclone.py	Fri Jun 09 21:33:15 2017 +0900
+++ b/mercurial/streamclone.py	Fri Jun 09 10:41:13 2017 -0700
@@ -13,6 +13,7 @@
 from . import (
     branchmap,
     error,
+    phases,
     store,
     util,
 )
@@ -162,9 +163,18 @@
 
         repo.invalidate()
 
-def allowservergeneration(ui):
+def allowservergeneration(repo):
     """Whether streaming clones are allowed from the server."""
-    return ui.configbool('server', 'uncompressed', True, untrusted=True)
+    if not repo.ui.configbool('server', 'uncompressed', True, untrusted=True):
+        return False
+
+    # The way stream clone works makes it impossible to hide secret changesets.
+    # So don't allow this by default.
+    secret = phases.hassecret(repo)
+    if secret:
+        return repo.ui.configbool('server', 'uncompressedallowsecret', False)
+
+    return True
 
 # This is it's own function so extensions can override it.
 def _walkstreamfiles(repo):