Yes, exactly. All documents in the special /public directory can be accessed (GET/HEAD) without authorization. But only single documents with their exact URL can be accessed by anyone, and not the directory listings.

With the correct authorization/token you can also write to /public (or /public/categoryname/), i.e. PUT/DELETE documents, as well as read the directory listings.

In remoteStorage.js modules, the publicClient is just a scoped BaseClient for the public category of the module. So if your module is e.g. documents, the privateClient is scoped to /documents/, while the publicClient is scoped to /public/documents.

Does that make sense to you?