Someone else had this idea and I apologize for not remembering who, but Ancestry could make a "Public only to DNA matches" option that would be the default when they sign up for the test, and provide them with a way to opt out.
For folks where that is still not acceptable, another option is to simply show the surnames and counts (but not specific names or dates) and birth locations (again without names) for their ancestral line. Basically, the same thing you get now with a public tree except you don't see the 7-generation tree or the specific names, and there is no "full tree" link. That would keep private any photos, documents, questionable ancestors, and even the identity of the test taker. In that case, Ancestry should disclose this but not provide an option to opt out. If you agree to take the test, then you have to do that as a minimum. If the match is strong enough, you would at least have some solid information in your message to hopefully convince them to share the full tree.