I've procrastinated more than enough, so I made a couple of small changes to how the leave link works:
- If you click on a leave link and are logged in as someone else, you are logged out.
- If you are logged out, you are not then logged in as the person the /leave link belongs to.
- If you are logged in as the person the /leave link belongs to, you are still logged in.
- I re-ordered the buttons for leaving, putting the 'Leave Group' button last.
- The email address of the account is now displayed on the page.
As best I can tell, the security hole that J experienced is closed with these changes.
The security hole that exists when you forward a group email to someone else still exists, in that they can still unsubscribe you by clicking the /leave link.