I don’t believe so, and that isn’t something that is technically possible and still maintain the security level.
It would be nice if there was an inbetween mode where the secure parameter would be encrypted in such a way so that the root server could read it and then the root would re-encrypt it for each computer it would run against when they are relevant.
The issue is that this would require some sort of extra protocol for the client to ask the root for that secure parameter because the way it works in the current architecture is that something targeting an automatic group is evaluated by all endpoints in the scope and they choose to run it based upon their evaluation of the relevance. It wouldn’t be possible to have a parameter be both secure and also available to all clients unless all clients get something encrypted just for them, which can’t really happen when targeting dynamically like an automatic group because they all get the same action.