Its serious security issue this default Laravel configuration. because .env file and database credentials are not protected. So you need to create a .htaccess file in same folder to protect it:

<Files .env>
order allow,deny
Deny from all
</Files>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>