First of all, I'd suggest using a Repository to store address & phone numbers of the person providing the source. The same person/institution may hold more than one source, so this avoids duplication and makes it easier to update should the address information change. You will also be in a better position to control the outflow of this information since it is all in one place. Plus, I would not be surprised if some future PAF allows you to suppress printing of the Repository address & phone information, or allows you to specify a Repository as 'confidential.'
Once this is done, you could do a backup before the GEDCOM export, save to a different name like 'myexportdata.bak', restore from this backup, go to the Repository list and delete any of the repositories (or other information) you don't want exported.
Alternatively, a more general strategy would be to place some 'tags' around the information you wish to keep confidential, e.g. "[-- 123 Main Street, Anywhere, USA --]: where '[--' and '--]' are the tags. After exporting your GEDCOM, you could then load it into a word processor and do a search and replace to remove all of this confidential information, save the changes (remember to save as Text rather than in the word processor's native format), and finally send it out.
Of course either way you will need to do an extra step. But personally I'd rather do that than go back to PAF4. The change was probably made to PAF5 because people complained that their Comments were NOT being exported and they expected them to be. This points out the pitfalls of relying on undocumented behavior (in this case, that source Comments are not exported in PAF4), as there is less assurance that this 'feature' will exist in a future version.