And one other thing:
There is a FAQ on this topic in the Exim GitHub Wiki section (https://github.com/Exim/exim/wiki/Q5004) which explains use cases in accordance to RFC 2822.
I think the aforementioned fix by removing the header is the easiest way to protect “BCC” information.
Dovecot should not change headers.
As far as I can see, it is up to the IMAP client to decide, whether it shows the “BCC” information or not.
Outlook in my case hides unrelated BCC information, but I can see the full header if I want to.
Another and better way to go, would be to rewriting sendMessage() to send a copy of the mail to each “BCC” recipient, containing only themself as “BCC” recipient in the “BCC” header and the original mail to all “CC” and “TO” recipients without “BCC” information, which should be a fairly simple task.
There is also another bug - at least I think it is one - with sending a mail to “BCC” recipients only (no “TO”), because this does not work.