Did you verify that information in the sysusers system catalog table (usertype = D) ? Sysusers is the place where users and role are granted their overall privileges.
table based privileges are defined in systabauth and syscolauth, which is another thing.
There is no absolute reason why the "public" would require to be granted DBA privileges.
After auditing Informix implementations since 1991, I have seen this situation many times. The reasons of this are generally lack of interest for security and "simplification" of security management.
DBA to public is not justified in any case. It means that everybody can create, drop or alter tables as they wish, which is extremely dangerous in terms of data security.
If (this is what I suspect), the application needs to create tables for any functional reason, I would recommend to create a DBA stored procedure(which inherents temporarily the DBA privileges) that creates the table(s), grant execute of this procedure to public, and revoke DBA from public. This would be the right to implement a safe security policy along with the ability to create some tables.
Revoking the DBA privilege is very easy to do, but the applications will have to be thoroughly tested after that, since bad suprises may
If you wish to understand a bit more about Informix security, you can check this presentation I had built a couple of years ago or so. This is an introduction to what you can do with Informix in terms of security.