Are you looking for voluntary scrubbing of sensitive information at the splunk user's discretion or are you trying to hide sensitive data from a set of splunk users?
Depends on the data. Certain kinds of data can automatically be handled by the scrub command.
your search | scrub
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Scrub
You might find this app useful. http://splunk-base.splunk.com/apps/50916/encrypt-and-decrypt-data-within-events
Using SEDCMD is at index time. That being said, you could always create a summary index of the masked data for searching.