Can Use Application All Users
Maybe this is all that needs to be fixed? I don't know if "Public" means that anonymous users can mess with the current mailing lists introduced. But well, even if that would be the case, this would not be very different from any logged in user being able to mess up... In any case, there is no separate Can View policy here.
Let's test this assumption.
As anonymous user, https://phab-01.wmflabs.org/mailinglists/ shows no list, and therefore there is nothing I can mess up with. If I click "Create list", then a login form appears. In other words, there is nothing that anonymous me can do.
However, if you visit https://phab-01.wmflabs.org/mailinglists/ as logged in user, you can see "wikitech-announce", and you can edit it.
The thing is, as anonymous user "wikitech-announce" also shows as "Restricted Mailing List" in https://phab-01.wmflabs.org/T460
Conclusion: these permissions seem to be messed up. It looks like the desired solution is the usual separate policies for Can Use, Can View, Can Edit.
The upstream change allows local administrators to alter the settings to allow the Mailing lists application to be used by logged out users. Previously you could set that policy, but it would have no effect.