To authenticate a message, one use her private key (to encode a hash of the
message; the proper message is in clear). The recipient use the public key to
check that the sender of the message really is who he pretends to be. With
the sole public key, nobody can usurp the identity.
To encrypt a message, one use both her own private key and the public key of
the recipient (the message is *not* in clear). The recipient uses her own
private key and the public key of the sender to decrypt the message. With the
public keys, an attacker cannot do anything (the private key of the recipient
is required to read).
All in all, it is normal that the public key is, well... public!