It’s not a bug (gasp!) really just not provided for. You have to add a filter to do this, eg
add_filter( 'comments_clauses', function ( $pieces, $query ) {
if ( empty( $query->query_vars['wpse_no_password'] ) ) return $pieces;
global $wpdb;
$pieces[ 'where' ] .= $wpdb->prepare( ' AND ' . $wpdb->posts . '.post_password = %s', '' );
return $pieces;
}, 10, 2 );
$args = array( 'post_status' => 'publish', 'wpse_no_password' => 1 );
$query = new WP_Comment_Query( $args );