I upgraded our test install to 2.5.0, and I created acouple dummy users - AdminAmy and ProjectPaul, and went through a few scenarios with them. It appears that anyone project create permissions down to repo admin can toggle and untoggle the "make public" checkbox. Can there be a system setting to gray that box out unless you're a system administrator? As it is, we have been encourage by Atlassian to disseminate project create/admin privs as much as possible (it's in your own documentation) but that level of access allows you to make all repos in a project or individual repos public, which isn't a small think here. We have IP concerns in our repositories so sharing them publicly is a IP & security risk for us.
A secondary improvement request would be to see a list of all public repos in the system admin screens, so we don't have to click in and out of each project to look to see what has been exposed.