The default is to let your users in, but "open to the public" suggests you or one of your admins has enabled anonymous access. Is that what you are seeing? People can see your issues in projects without having to log it at all?
If so, take a look at the permission schemes. Look at the "browse project" line, and I think you'll find it includes group:anyone - that needs to be removed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.