I wouldn't call this security per-say, but it may be a bug in our handling of user page privileges. Make sure that only that other groups don't have any privileges in that category. If that is already so, then please open an issue on Github.
We have one over-arching group that is kind of like "administrator" but from a forum/moderation point of view. The other individual groups have their own sub-categories. So, for each of the sub categories, the over-arching group is assigned and that one group related to that sub-category is assigned.
I'll throw an issue up. Sound like it might be a bug.