At work, my team and I have identified a possible improvement to the pull request feature:

We would very much like to be able to do private pull requests, maybe optional per public repository. So, say private pull requests are allowed or enforced, then the user would be forced or optionally be able to make pull requests private, i.e the source code is not made public until merged.

We identified this as a good requirement because we have private and public repositories at our organisation and for security might not want the data of a pull request being public, for example if a not so advanced user stores a password in a file. So, what we do now is submit no pull requests and just merge a special branch of each user that did some changes. The user then though has to ping the public project maintainer to merge in the changes. It works but it would be nice to have at least a notification in that case. However, putting it in a private pull request would make this much better.