As far as I see it, this is one of the unintentional side effects of "hosting in the cloud". If you had co-located servers you'd whack up a firewall and only allow your internal IPs to access non-HTTP ports. Alas everyone now just spins up an S3 image and palms it off to Amazon.
Are you able to make requests between instances on non-public ports? As someone else pointed out Memcached infrastructure typically won't sit on your local webserver.
So lets say you've got memcached, mysql and a bunch of webservers.
On the memcached security group you open 11211 to the webservers group
On the db security group you open 3306 to webservers
On the webserver group you open 80 and 443 to everyone.