There are now 3 new advanced content security settings that provide more control. These are available by clicking the "Show advanced security settings" link in the "Settings" dialog that's available to all Carrot admins.
Here is an explanation of the settings:
Do not allow secure links to open posts from email or Slack - when Carrot sends a daily digest via email or Slack it normally considers that to be a secure channel and so posts in the digest are provided with a secure link. The secure link encodes the identity of the digest recipient so they can follow the link and view, comment on, and react to the post without having to be logged into Carrot. This setting disables secure links and has the digest use normal post links that require a Carrot login to the team.
Do not allow public sections - normally when creating or editing a section, you can set the visibility to private, team or public. Public sections can be viewed by everyone, even if they are not logged into Carrot or are not a member of the Carrot team. This setting disables the public section option.
Do not allow public share links - normally when sharing a Carrot post via a URL, there are two options available, the default option requires everyone using the URL to be a logged in Carrot user that's a member of the team, and the public URL option allows anyone that receives the URL to view the post. This setting disables the public share URL option.