This is a feature not a bug, to make joining meetings frictionless. (And in videoconferencing there's little distinction between meeting ID and password anyways -- they form a single access credential.)
To prevent unwanted people from joining, the host simply has to turn on the waiting room feature -- where people who have dialed in have to be explicitly accepted by the host, which can be done individually or en masse.
You could have a second access code included in the invite but not printed right on the window in screenshots.
It would be similar to how a credit card number and CCV code are functionally the same as one longer number, except that you don’t go writing the CCV code alongside the credit card number, and that keeps it more secret.
Still not as frictionless as “anyone with the number can join,” but if this continues to be a problem it might be worth doing.
To prevent unwanted people from joining, the host simply has to turn on the waiting room feature -- where people who have dialed in have to be explicitly accepted by the host, which can be done individually or en masse.
Overall I'd say the system works pretty well.