syslogins or sysusers? That is, server logins or database users?

As John says, you should be using sys.xxxxx_principals, but whether that is database_principals or server_principals depends on wherther you are reading you are reading database users or server logins.

The default is that  unprivileges users cannot view metadata they don't have access to. So the other logins have some permission or role membership they should not have.

The correct solution would be to put the code that runs the query against sys.xxxxx_principals in a stored procedure that is signed with a certificate and then a user (if on database level) or login (if on server level) created from that certificate has been granted VIEW DEFINITION (if on database level) or VIEW ANY DEFINITION (if on server level).

I discuss certificate signing in detail in this article on my web site:
http://www.sommarskog.se/grantperm.html.