As far as AD goes, the question is this:
Why would you allow the public to access a directory of internal information. (The contents of the directory). I know there are companies that will pay $$ for internal company telephone directories. (sales and recruiting companies).
Keep in mind, the AD stores (by default): User Name, phone number, mailing address, email address, email server, work hours, physical address, group memberships, and on and on and on, and "Everyone" has the ability to read this information about any other user in the directory.
So again, the question is: Why would you allow the public to access such a directory?
The answer is (or should be) very specific to your company. We choose not to expose internal email addresses or userIDs to the world at large. We escpecially don't want to expose Server information, with IP addresses, real names, roles, etc. We also don't want to expose all our subnetting information, which can show the network topology as well.
References: securityfocus.com securify.org, etc.. google. Many won't talk directly about network architecture, as they're focused on securing one particular server, rather than a group of servers, which are really just the building blocks of a "Web Application". Read the article about the Anandtech servers...that's the sort of detail that most places don't wish to make available.