Well it's as secure as a legacy address can be if they did what you are suggesting. But that doesn't mean they couldn't make it more secure. For example, use an address format that gives more bits of security. 256 vs 160.
160 bit hash in addresses provides enough security, and that's the important part.
they obviously have FAILED to do thus leaking their public key to the whole world.
Public key is meant to be public otherwise if there were any risks in revealing your public key, the whole Bitcoin system falls apart. It doesn't matter what a single person does (like not reusing address).