Providing a Solr instance for the public Internet is a bad idea. Although you can disable some components to make it read-only, it just wasn’t designed with security in mind; it was intended to be used as an internal service, just as you wouldn’t open an RDBMS.
From the Solr wiki page:
, Solr . , , Solr, , Solr - . / Solr , (, , /), Solr .
ajax-solr, Solr javascript, , Solr .
, , guardian.co.uk: , Solr , API, . , define , , .
script kiddie DoS Solr , , .