Fixes #3963. post_event() is now protected and forwards to post_event_impl(), which unfortunately must remain public. So, client code can still abuse the class by calling post_event_impl(), but the abuse should now be more obvious. I considered adding an assert to post_event_impl(), so that unauthorized calls from the outside could at least be detected at runtime, but it turned out that an assert requires more additional machinery than expected, which is why it was not implemented.
Thanks for the report!