Maintainers of OG and BOA, please read carefully: I have an example of the situation I described below.
Was playing with the rc4 or ~dev versions of OG and with the Rules module. Made a rule where
Event: content is viewed
Conditions:
Content is of type group
AND
Data comparison (node id of the group)
AND
NOT Member of the group
Reaction:
Show a message "You are automatically subscribed to this group"
Subscribe current user to this group <- THE MOST IMPORTANT PART
The problem is that at first I did not think about the fact that the anonymous user is also treated as a normal user (!), so... my anonymous user got subscribed to this group!!!
So, I thought that I could manually delete anonymous from the members and tweak the rule with an additional condition not to subscribe anonymous users, but there is no such user anywhere in the list. Damage is done.
I have disabled that rule; after that I have these problems:
1. Anonymous user is not shown anywhere in the group management pages
2. I can FREELY post as an anonymous user (spammer) to the group (mentioned in the Rules above) without any problems, posts are shown! I haven't checked commenting yet.
3. As an anonymous user I cannot unsubscribe from the group with unsubscribe link, although all the steps are shown - I can see the link, I see the confirmation page, but nothing works.
4. I am using a BOA Aegir installation and it is cached to the limits even if I am using the default config - all the custom scripts, redis etc., so my pages MAY be distorted by various caches: I can see the OG extras block with "Add to group content" or not, but... I can access as anonymous http://mypage.xxx/node/add/nodetype AND post freely to that group I mentioned above!!!!!!!!!!!!
5. After some time, seemingly a hardcoded nginx, redis or whatever other cache period (I also use Drupal block caching and entity caching), everything goes back to normal again - I cannot post to that group, BUT problem 3 still persists. It seems to be true after a logged-in user logs out - cannot say if I can do the same if the site has had no activity for some time.
6. Another less major problem... mysite.xxx/node/add is freely available to the anonymous user AND the user is redirected to mysite.xxx/node/add/nodetype (post node type in my group).
To the BOA maintainer - sorry, I will not provide the logs for now, they are 100% normal, running 2.0.5 stable, and the config is 99% default, with changes to some php and mysql settings. Tried cache cleaning, ?nocache=1, ?noredis=1 - results are similar and unpredictable.
Can give a clone of that site and user 1 to the maintainers to play with, because now it seems like it is a serious bug.
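Added example, not from this thread or from the OG/Rules projects: the rule above fires for whoever views the node, so the guard that was missing is a condition that refuses uid 0 before "Subscribe current user to this group" runs. The snippet below is a custom Rules condition for Drupal 7 (module name og_auth_guard is an assumption) that can be added to the rule as a fourth AND condition, so the reaction never sees the anonymous account.

```php
<?php
// Hypothetical module "og_auth_guard" (name is an assumption for this example).
// Provides a Rules condition that is TRUE only for a real, authenticated account,
// so a rule like "content is viewed -> subscribe current user" cannot act on uid 0.

/**
 * Implements hook_rules_condition_info().
 */
function og_auth_guard_rules_condition_info() {
  return array(
    'og_auth_guard_user_is_authenticated' => array(
      'label' => t('User is authenticated (not anonymous)'),
      'group' => t('User'),
      'parameter' => array(
        'account' => array(
          'type' => 'user',
          'label' => t('User'),
          'description' => t('Usually the "logged-in user" (site:current-user) token.'),
        ),
      ),
    ),
  );
}

/**
 * Condition callback for 'og_auth_guard_user_is_authenticated'.
 *
 * Rules passes the wrapped user as a stdClass/User object; uid 0 is the
 * anonymous account in Drupal 7, so anything that is not a positive integer
 * uid is rejected. Returning FALSE stops the rule's actions from running.
 */
function og_auth_guard_user_is_authenticated($account) {
  if (!is_object($account) || !isset($account->uid)) {
    return FALSE;
  }
  return (int) $account->uid > 0;
}
```

In the rule editor the condition is attached with the "logged-in user" data selector; the existing "NOT Member of the group" and "Data comparison" conditions stay as they are.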
Comments
Comment #1
playfulwolf commented: Checked - everything is OK with comments, anonymous cannot comment on a node of group content, can only post.
Comment #2
playfulwolf commented: One more time I can confirm that the results are unpredictable: after some time everything goes back to semi-normal - I cannot post as anonymous, but everything repeats after I log in/log out with any user.
Comment #3
amitaibu commented: Please contact the security team for security concerns! They should unpublish this comment.
I have no idea what BOA is
OG doesn't let an anon see subscribe link. If you use the API to forcefully add it, you might have issues, but I don't think it's a "security" issue
Comment #4
playfulwolf commented: As I wrote - I can not only see subscribe (in my case the Unsubscribe link), but also post content. I will file a separate ticket, "Cannot remove anonymous user from group".
Comment #5
amitaibu commented: Better title
Comment #6
playfulwolf commented: it is not so "minor"...
Comment #7
amitaibu commented: Please contact the security team for security concerns! They should unpublish this comment. Until then I won't answer.
Comment #8
playfulwolf commented: done
Comment #9
drumm commented: Publishing since the security team did determine this was okay to handle in public.
Rules is indeed powerful in Drupal 7, and Drupal 7 is not known for having complete API-level security protections. When using Rules, careful configuration is necessary.