Restricted Posts Not HIdden From REST API

I am doing some testing in a local environment, and it appears that fully-restricted posts do not get hidden from the REST API.

Steps to re-create this issue:

1. Create a new post
2. Choose a user level from the “Restrict This Content” metabox on the editor screen.
3. Check the box that says “Hide From Feed?”
4. Publish the post
5. Visit /wp-json/wp/v2/posts in your browser

What I expected:

I expected the content and excerpt within the REST API feed to be replaced with a message indicating that the post is only visible by members.

What I got, instead:

I am able to read the full content of the post, and the full excerpt of the post within the REST API feed.

I have also tested this process by using the [restrict] shortcodes, and those work as expected (the content found between the shortcodes is, in fact, hidden from the REST API).

Finally, I tested the “Hide From Feed?” checkbox on the fully-restricted post and the partially (shortcode) restricted post. The checkbox did not seem to have any effect on the REST API feed or the RSS/Atom feed.

When the box was checked for the fully-restricted post, the excerpt within the RSS/Atom feed reads exactly the same as it does when the box is not checked (it indicates that only members are allowed to view the content). As mentioned above; the full content and excerpt of the post are visible in the REST API feed, regardless of whether the box is checked.

When the box is checked for the partially-restricted post, the excerpt within the RSS/Atom feed is also exactly the same as it is when the box is not checked; the REST API feed exhibits the same behavior whether the box is checked or not, as well.

Has anyone else experienced this? Am I doing something wrong? I have deactivated all plugins on the site, and am still having this issue.