I come from a Java background and I have been working with PHP for almost a year now. I have worked with WordPress, Zend and currently I'm using CakePHP. I was going through Cake's lib and I couldn't help notice that Cake goes a long way avoiding the "private" access specifier. Cake says

Try to avoid private methods or variables, though, in favor of protected ones. The latter can be accessed or modified by subclasses, whereas private ones prevent extension or re-use.

in this tutorial.

Why does Cake overly shun the "private" access specifier while good OO design encourages its use i.e to apply the most restrictive visibility for a class member that is not intended to be part of its exported API? I'm willing to believe that "private" functions are difficult test, but is rest of the convention justified outside Cake? or perhaps it's just a Cake convention of OO design geared towards extensibility at the expense of being a stickler for stringent (or traditional?) OO design?