Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 32471)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -4579,6 +4579,13 @@
 		$post_ID = $postdata['ID'] = get_default_post_to_edit( $post_type, true )->ID;
 
 		// Only posts can be sticky
+		if ( $postdata['post_status'] == 'private' || ! empty( $postdata['post_password'] ) ) {
+			// Error if the client tried to stick the post, otherwise, silently unstick.
+			if ( ! empty( $postdata['sticky'] ) ) {
+				return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
+			}
+		}
+		
 		if ( $post_type == 'post' && isset( $content_struct['sticky'] ) ) {
 			if ( $content_struct['sticky'] == true )
 				stick_post( $post_ID );