People with "Limited access" to a site can see the existence of Document Libraries that they don't have access to
If a site has people with limited access to items on the site, users with such limited access can see a document library in the Site Content page, even if they do not have access to the document library. They can see that the document library has X numbers of documents, but when they enter the document library, the library appears empty. They do not have access to the documents inside the document library.
I first assumed that this was a bug and reported it to Microsoft premier support, but according to Microsoft this is by design(?!)
A document library has usually unique permissions for a reason and sometimes the library's name and existence can be sensitive. To be sure that no-one can see a document library, you need to first break inheritance, remove the users and groups that shouldn't have access, click "show users" and remove the users and groups again. Bad user experience and potentially a security concern.
Nuno Canas commented
My name is Nuno Canas and I work as a Support Escalation Engineer on Microsoft.
I have a possible workaround that I was able to provide to one of our customers that uses the CSOM API to break the Inheritance from the Library.
As shown on the article below you can use BreakRoleInheritance with the first argument as $false with the main purpose of stopping the copy of the permissions directly to the list.
Have a great day!