The only global control for anonymous users is the "can use" option in Global Permissions. To avoid malicious anonymous editing and comments, we need to ensure that no space administrator grants more than View permission for anonymous users. At the moment, we just monitor all spaces by looking in the MySQL database, and deal with undesirable anonymous permissions when we spot them.