In my opinion pretty terrible that github nilly willy can decide your org was inactive for too long and give it a new owner. (tbf i dont really know for how long and how inactive but still, this is potentially a security vulnerability with github)

Probably since no one has abused this mechanism yet. I’m sure if people start trying to vacuum up inactive accounts, it might become a problem