The mitigation of allowing changes only to members having noShal - I think being able to help members with only a single group is a pretty rare situation. I own two premium groups, focused on a particular railroad's history and operations, that are essentially parallel groups. They have both existed for many years and discuss the same subjects and the same histories. They were originally created as separate groups by different owners who didn't see eye-to-eye about how to run groups. Over a number of years on Y!, ownership of both groups eventually passed on to me and I maintained them as they were. When I transferred them to groups.io, I kept them as parallel premium groups to keep the traffic as people were used to and to be able to assist the old-timers.
I also moderate two other groups with a similar story, except that they were both spinoff groups and the primary group died. And because the railroads ran in the same area as the first two groups I mentioned, there is a lot of crossover between all those groups, and many other related lines.
Those are the people that seem to need the most assistance today. They joined back when joining was simpler and they may have had a spouse to help them. They're older now, and many have trouble doing much more than replying to posts. But many of them with blue collar backgrounds have an irreplaceable knowledge and eye-witness memories of the actual history we discuss. To lose them can be a huge loss.
Another premium group I have is the successor of a group that was also a parallel group to another group that moved here. I took that group Premium specifically because I was concerned that I might need the additional abilities available to a premium moderator.
So you can see, a person belonging to a single group is more likely to be the exception than the rule.
My suggestion would be to look at the security measures taken by credit card companies who face the same thing every day, but with much higher stakes.
This email has been checked for viruses by AVG.