The BCC header is meant to hide recipients of messages.
However, when encrypted messages are used, the e-mail addresses of all
BCC-headers are given away to all recipients without
warning, which is a bug.
But now Message got to warn if BCC recipients are found in an
encrypted message when you are just about to send it. If you are sure
those BCC addresses are safe to expose, set the
mml-secure-safe-bcc-list variable, that is a list of e-mail
addresses. See
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18718.