The objectives of the embargo is to deny source, binary, or informational access (e.g. release notes) ahead of a particular time. All of these are achieved outside a rather far-fetched kind of leak from the Heroku Postgres service, so the remaining risk lies in the black swan category, not unlike any other packager. The risk taken also has upsides in getting some broad-band testing for the project and protecting a large number of PostgreSQL users.
I suppose it's possible that the maintenance *could* have been kept secret, but it doesn't really fulfill of the above goals, and so, it wasn't, and to date nobody has raised or forwarded an objection to me that anything should have been done differently there.