Search reveals all hidden content...

If a search query returns results that are supposed to be hidden, those results are visible anyway.

In short: a visitor can use the search function to circumvent the protected content filtering.

Does the Membership plugin address this major security flaw in some manner that I've not found yet?

We need search for each of the user types we have on the website (such as visitors, and members of varying levels).