Well it's as secure as a legacy address can be if they did what you are suggesting. But that doesn't mean they couldn't make it more secure. For example, use an address format that gives more bits of security. 256 vs 160.
They could have also chosen an OP_RETURN alternative too. The bits have little matter. Nobody's going to start brute forcing each address.
And don't use the same address more than once which they obviously have FAILED to do thus leaking their public key to the whole world.
Where are you referring to? The BitcoinEater address? If so, it hasn't revealed its public key, since it's a burning address. You reveal your public key only when you spend one of the outputs.