As a Roblox developer/group owner, I believe groups are still too vulnerable to cyber attacks, and measures can be put in place to prevent them from happening.
Recently, a group I previously owned and at the time of the attack, co-ran, was decimated by an exile bot and we lost 7.8k members 
. One of the HR was “hacked”.
My suggestion is relatively simple (to my understanding), the pin-lock feature has been applied to changing owner ship of groups, and I think it should be extended to the exiling of members. Secondly, to help prevent the issue of having alt accounts promoted to ranks which can exile, accounts must be email verified and have pin-locks active before they can exile people from groups.
Finally, caps on how many people can be exiled per hour/day per account (or for the entire group, although that would be a bit tedious in some circumstances), would also add an additional step to stop people emptying groups. I believe it took our attacker 30-60 minutes to exile 7,800+ people which is absolutely insane and should not be possible.
These options could also be settings set by the group owner. For example, the group owner can select levels of “security” (i,e; ‘Users must be verified and have a pin-lock before they can take administrative action’), as well as options to cap how many exiles can be done per day.
If Roblox is able to address this issue, it would improve the stability of groups, and give the leaders some security in knowing there are counter-measures are in place to ensure their hard work is protected.
Thanks 