Today I configured a GeoForm web mapping application that could be edited by anonymous / public users, but with a hosted feature service that cannot be accessed anonymously. This requires a few separate steps, but is described in the documentation titled: Limit access to public ArcGIS Online layers.
Here is a brief description from the post...
"Public-facing data collection applications require services that are accessible by the public, but there is often a need to protect that information once it has been submitted. Layer contents can be accessed two ways in ArcGIS Online: through the REST endpoint (service URL), and through applications such as the ArcGIS Online map viewer and the web app templates.
Access to this submitted data can be controlled by setting up sharing permissions to restrict access to the REST endpoint, and by specifying the applications that can display the layers. These apps can then be configured to display only the data you'd like exposed to the audience of your application."
I know many people have probably run into this issue and sought other workarounds, but give this workflow a try if you are creating crowdsourcing maps but do not want your data to be found.