Sorry if this is off topic but I’d just like to say that account security goes farther than just securing the log-in. You have to consider that an account’s Robux, it’s most valuable asset, can be exchanged with just a click.
Purchases are currently not secured at all, it only takes 1 click to completely drain your account in some cases. Incidents in the past where users were able to hide the prompts and get people to click showcase how damaging this is.
You should seriously consider options to make purchases more secure. Maybe a 2FA for large purchases or a captcha to ensure that the purchase is intentional. Many people lose Robux without having their accounts compromised because of flaws with the purchase system.
Attackers will always target the weakest link in the account security chain, and Roblox has serious work to do on purchase prompts.
See:
https://devforum.roblox.com/t/the-scam-that-hides-the-purchase-popup-is-back/1793279