To expand on what joram said about custom logic:
When you fetch a Task (or a List if you’re getting more than one) you can also create a custom task representation. Then you can store into your custom task representation only the data you want to allow to be exposed at any given point in time (you’d do this in a foreach if using List). At that point you can do a security check to see if the data in the task/process variables is something you want to output as part of the task’s data. If you don’t store the value into your custom task representation, then the data isn’t exposed.
Of course, the simpler solution is to reconsider whether you want to store critical data in the workflow, because if you cause the workflow to tank you can lose access to the data from your application (unless you are using the Historical Task API).