dwmtractor (Moderator), 02-14-2008, 10:52 AM

This is an identified issue. See this thread.
Restricting LDAP permissions

It's been registered as a bug, and you can add your vote or comments on bugzilla:
Bug 15378 - Obviate the need for and disallow LDAP anonymous binds

See also
Bug 16601 - Secure Access To LDAP

In other words, you're not the only one with this concern, and it will be addressed but is not fixed at this time.

In the meantime, is your concern having public access from the outside world, or also securing the GAL within your own network? If the former, firewalling the server and not permitting port 389 access except from the LAN will provide some level of security; then outside users would have to log into a VPN (or simply use the web client--ssl only--from outside) before accessing their mail. May not be ideal from your architecture but it will certainly work from a security perspective.

Cheers,

Dan