A bit of googling and I came across this page. I mostly followed his instructions -- but here are a few sidenotes in case you go to try it.
In step #2, be careful about long names. When I got to step 3, I couldn't tell "Anonymous Public Snapshot Repository (read)" apart from "Anonymous Public Snapshot Repository (delete)" since they both looked like "Anonymous Public Snapshot Repositor".
I didn't do the last half of step #5 or step 6. Instead, I went into the user dialog and removed the permissions that the "anonymous" user originally had and added in mine instead.
Here's some screenshots...
This is the roles assigned to the "Public Role"
This is the "Private Role"
This is the "anonymous" user
And my personal user
You can test it by logging out then trying to look at the repositories. You click on the private ones and it says access denied. Public ones are still accessible.