I’ve recently been added to a couple projects so I could help out, and I found that I could completely kick the project’s owner from it. Given exit permissions, I should not be able to completely take a project from the person who made it; this is a security issue. It looks like the person I was able to remove is still able to do the same to me.
Given that project editors have full access to a project, like .env file credentials, you shouldn’t be adding anyone to your project who you don’t trust enough to not kick you out of your own project. But having the flexibility to do so is sometimes useful for legitimate reasons.
Definitely seems like there should be a couple of different user roles for collaborators (or maybe there are and I missed it). Another approach (I think Reddit uses this for subreddit moderators) is to just make it so you can only boot people that are below you in the list.