It's possible that you have misunderstood what "public key" means. It does not mean that it is published for everyone in the world to see. In asymmetric encryption, each key consists of two parts: a public key and a private key. The public key is allowed to be known by anyone and can be used by anyone to encrypt something for the owner of the private key, or to decrypt something that was encrypted by the owner of the private key. That's why it is the "public key." Mere knowledge of what it is allows a person to securely encrypt what they send to the private key holder and allows that person to validate that the person sending something to them IS the private key holder. It does not offer security in one direction (since one decryption key is "public") but it does offer validation in the direction that data security is not offered. Related: look up Diffie-Hellman key exchange for info on how asymmetric key pairs are used to initiate symmetrically encrypted secure data streams between hosts. Also look up how PGP keys are used to validate that an email was sent by a specific person and/or that the contents of the email were not changed by a "man in the middle."
If you were considering the "published" part, "published" also doesn't necessarily mean that the services are in a nice easy list on some server somewhere for the FBI to download. Of course, the Tor directory servers obviously handle .onion domain name resolution and that makes them a huge problem. You know the garbled names that .onion sites use? My suggestion was to make that the public key and to do away with directory servers, using something like DHT instead.
tl;dr: "Public key" doesn't mean "published key" and "published" doesn't necessarily mean "in an easy-to-read directory somewhere."
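The two directions the post describes (anyone can encrypt to a public key, only the private key holder can sign for it) and the idea of using the public key itself as the name, as an added example that is not part of the post above and not Tor's code. It uses only the Go standard library: RSA-OAEP for the encrypt-to-owner direction, Ed25519 for the sign-and-verify direction, and a hypothetical self-certifying address format (base32 of the signing key plus a 2-byte checksum, with a made-up ".example" suffix, not Tor's real .onion encoding) for the "name is the key, no directory needed" idea. All messages are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Identity bundles the two key pairs one party needs: an RSA pair for
// confidentiality (anyone encrypts to the public key, only the private key
// decrypts) and an Ed25519 pair for authenticity (only the private key signs,
// anyone verifies with the public key). The public halves are safe to hand out.
type Identity struct {
	encPriv  *rsa.PrivateKey
	signPriv ed25519.PrivateKey
	SignPub  ed25519.PublicKey
}

func NewIdentity() (*Identity, error) {
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{encPriv: encPriv, signPriv: signPriv, SignPub: signPub}, nil
}

// EncPub is the public half of the encryption key, safe to publish.
func (id *Identity) EncPub() *rsa.PublicKey { return &id.encPriv.PublicKey }

// EncryptTo is direction 1: knowing only pub, anyone can seal msg so that
// only the holder of the matching private key can open it.
func EncryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt opens a ciphertext produced by EncryptTo; the wrong private key fails.
func (id *Identity) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, id.encPriv, ct, nil)
}

// Sign is direction 2: only the private key holder can produce this. It gives
// no confidentiality (msg travels in the clear) but proves who sent it.
func (id *Identity) Sign(msg []byte) []byte { return ed25519.Sign(id.signPriv, msg) }

// Verify checks that msg was signed by the holder of pub's private key and
// was not altered in transit (a man in the middle cannot re-sign it).
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// AddressFromKey builds a self-certifying name straight from the signing
// public key: base32(key || first 2 bytes of SHA-256(key)) + ".example".
// Hypothetical format for illustration only; the point is that a name which
// is the key needs no directory server to resolve it.
func AddressFromKey(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	raw := append([]byte{}, pub...)
	raw = append(raw, sum[:2]...)
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	return strings.ToLower(enc.EncodeToString(raw)) + ".example"
}

// KeyFromAddress recovers the public key from such a name and rejects names
// whose checksum does not match, so a peer can check that the key it was
// handed really is the one the name was derived from.
func KeyFromAddress(addr string) (ed25519.PublicKey, error) {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	raw, err := enc.DecodeString(strings.ToUpper(strings.TrimSuffix(addr, ".example")))
	if err != nil || len(raw) != ed25519.PublicKeySize+2 {
		return nil, errors.New("malformed address")
	}
	pub := ed25519.PublicKey(raw[:ed25519.PublicKeySize])
	sum := sha256.Sum256(pub)
	if sum[0] != raw[ed25519.PublicKeySize] || sum[1] != raw[ed25519.PublicKeySize+1] {
		return nil, errors.New("checksum mismatch: address does not match key")
	}
	return pub, nil
}

func main() {
	alice, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	// Bob knows only Alice's public keys. Demo message is constructed.
	ct, _ := EncryptTo(alice.EncPub(), []byte("meet at the usual place"))
	pt, _ := alice.Decrypt(ct)
	fmt.Printf("decrypted by Alice: %s\n", pt)
	msg := []byte("this really is from alice")
	sig := alice.Sign(msg)
	fmt.Println("signature valid:", Verify(alice.SignPub, msg, sig))
	msg[0] ^= 1 // a man in the middle flips one bit
	fmt.Println("after tampering:", Verify(alice.SignPub, msg, sig))
	addr := AddressFromKey(alice.SignPub)
	_, err = KeyFromAddress(addr)
	fmt.Println("self-certifying name:", addr, "matches key:", err == nil)
}
```

Note the asymmetry the post points at: EncryptTo needs only the public key, so anyone can send Alice something confidential, while Sign needs the private key, so anyone holding the public key can confirm the sender but the signed message itself is not hidden.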