They can be public and they can be private. This comes down to how the clients choose to implement them while following the specification. - public association to pubkey, public clear text data - public association to pubkey, private encrypted data - public association to pubkey, with a mix of clear text data and encrypted data etc In the case of Corny Chat petnames, I went with making it known the relationship was public, but the actually assigned petname is private.
Yes, they can be either/or. Which one makes sense depends upon the type of client. I think Vitor wanted this for health care data, so patient:doctor should probably be private. But Alex wants them to define community membership, and then it might make sense to make them public, so that the other members can see who is in the community. Especially, if the relationship events stay on a dedicated community relay.