In this paper, we present a signaling design for secure integrated sensing and communication (ISAC) systems comprising a dual-functional multi-input multi-output (MIMO) base station (BS) that simultaneously communicates with multiple users while detecting targets present in their vicinity, which are regarded as potential eavesdroppers. In particular, assuming that the distribution of each parameter to be estimated is known \textit{a priori}, we focus on optimizing the targets' sensing performance. To this end, we derive and minimize the Bayesian Cram\'er-Rao bound (BCRB), while ensuring certain communication quality of service (QoS) by exploiting constructive interference (CI). The latter scheme enforces that the received signals at the eavesdropping targets fall into the destructive region of the signal constellation, to deteriorate their decoding probability, thus enhancing the ISAC's system physical-layer security (PLS) capability. To tackle the nonconvexity of the formulated problem, a tailored successive convex approximation method is proposed for its efficient solution. Our extensive numerical results verify the effectiveness of the proposed secure ISAC design showing that the proposed algorithm outperforms block-level precoding techniques.