As we've implemented now, we just put an hidden facet on management root-lets for Web UI. But other clients such as RCP need also to not get these documents in, as they don't know the document types for.
The facet approach is not so easy because they do not play with at this time.
A simple way of solving is to setup security on these documents in order than only a certain group get access to these documents. This way, only users that belongs that group will get errors from these clients.
Locating all management documents in a single rootlet ('/management') and adding a specific ACL on that root-let will do the job. The group name will be contributed to the core management.