A “public application” means that accessing to the app page is possible for everyone, without being a Yunohost user and logged in.
If it’s a “private application”, then it is protected by Yunohost SSO (Single Sign On), which means you have to be connected to access the app page.
So if it’s “private” (=Yunohost members only), you can access it only with a Yunohost account. Then you can do anything with the app (including logging with its own account system, or not).
If it’s public (= visible to anyone browsing the web), anyone can access your app without a Yunohost account. Then maybe it’s an app that require an account to interact with it, maybe not, but it’s different from Yunohost “public”/“private” app status.
(and by the way, if your app visibility is set to public, anyone can try to logging as you or another user, so you need strong password - and there is also a tool called fail2ban that is used by some apps to reduce the number of bruteforce attempts to guess the password)