I'm creating a custom object that will contain some sensitive employee data. I've got it pretty well locked down except that I have found that my admin users can query the _History object through the API to see audited field value changes. This has been tested through to Force.com Explorer (both of them). On the other hand, admin users (or users with View All Data/Modify All Data) do not see the Audit history for fields they do not have access to when viewing the data through a page layout in Salesforce.
So my questions are:
1) is this intended behavior
2) is there any way to lock this down
3) or should I just build a custom object to replicate the audit trail?
Thanks for your input.