What they could do is have contact requests go through Skype master servers, not p2p; that way you could only look up the IPs of people you are connected to. But is it a big enough issue that they will make such a big change? I doubt it - and I'm not sure they ought to have to do it, either.
Yes, there would have to be master servers to close this hole, but I can't imagine how it can be done without everybody upgrading to the new client, so we can assume that every Skype user's IP is known or will soon be known. The current state will last for a while.
You don't have to be even logged in for this to work(!) according to some already published research.
Note that you are not always forced to be in someone's contact list to contact him. It's a user-configurable setting. I wonder if call-blocking for incoming calls from persons not in the contact list is done at server level or client level.