I think this is partly covered by 2FA. If you have a different password for both your Roblox account and your Email you should be pretty safe. Purchasing assets could always just trigger another 2FA email code, who knows.
A great alternative to this would just be requiring 2FA and a verified email in order to allow purchases and trades.
I would be much more likely to give my younger relatives robux if I could control what they spend it on. Giving the paying customer control over what they buy shouldnât negatively affect revenue. Last week I saw my 3 year old niece trying to press the buy dev product button on a cheap tycoon game. Less younger kids would accidentally spend robux on crappy games, but thatâs hardly a problem