Can signed PDA's make an anchor instruction uncallable outside of the program it is defined in?

[ifiokjr]

Am I correct in assuming that using a PDA as a signer effectively makes the anchor instruction private, only callable by other instructions within the same program?

Since only the program can sign PDA's is this a way of creating instructions that are effectively uncallable by anything but my own program?

For example I have this code:

#[derive(Accounts)]
#[instruction(props: ProjectStateIncreaseSpaceProps)]
pub struct ProjectStateIncreaseSpace<'info> {
    /// CHECK: the check is performed by the caller of this private endpoint.
    /// The project will receive the lamports to increase the state size.
    #[account(mut)]
    pub project: UncheckedAccount<'info>,
    /// The vault which is the signer to validate the payment.
    #[account(
        mut,
        seeds = [SEED_PREFIX, project.key().as_ref(), SEED_VAULT,    &props.vault_index.to_le_bytes()],
        bump = props.vault_bump
    )]
    pub vault: Signer<'info>,
    /// Needed in case a reallocation is required for the project memory.
    pub system_program: Program<'info, System>,
}

The handler for this instruction transfers lamports from the vault to the project. Another instruction performs validation and then creates the signer via CpiContext::new_with_signer where the seeds are identical to the seeds on the vault. In my tests I haven't been able to find a workaround to invoke this instruction from outside the program.

This is the error I see when trying to call it from a client.

Program log: AnchorError caused by account: vault. Error Code: AccountNotSigner. Error Number: 3010. Error Message: The given account did not sign.

I've also created a separate program that uses invoked_signed and it seems to unwrap with this error InvalidSeeds.

This is running on solana-program-test. Can I check that using a PDA signer is a way to make instructions effectively private?