For a financial company active in more than one area we have our "business line" isolated in different system profile.
As the financial regulation that apply is not the same it would be nice to be able to separate what is confidential for one and what is not for the other.
I suggest to put the Confidential Strings settings at the level of the system profile instead of the server.
There is an RFE which might already cover your idea: https://answers.dynatrace.com/idea/134117/rfe-user-access-at-application-level.html
Feel free to upvote that one :-)!