github / janky

Continuous integration server built on top of Jenkins and Hubot

Force team_id for auth, as orgs membership may no longer be secure

patcon opened this issue · comments

Not entirely sure if this is something that affects Janky, but just wanted to put it out there: isaacs/github#115

Basically, while it used to be that orgs managed their team rosters (i.e. who is publicized), this apparently quietly changed some time ago, and now any user on any team can choose to publicize. This is true even if their team has access to no repos, for example if they were placed there to be able to assign themselves to issues, or to be able to transfer repos to the org. Some using janky may not be aware.

It seems that sinatra_auth_github does assume publicized members are privileged, so people using janky might unwittingly be operating under a compromised security model:
https://github.com/atmos/sinatra_auth_github/blob/e956058a43c822ed9011a1f6aeb64d51a6f9c2c8/lib/sinatra/auth/github.rb#L122-L130

Anyhow, sorry if I'm misunderstanding, but just thought I should raise the concern.
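The authorization gap described above, as an added Ruby illustration that is not Janky's or sinatra_auth_github's code: a small policy object that implements the "force team_id" request and fails closed when no team id is configured. The org name, team ids and user records are constructed for the example.

```ruby
# Added example (not Janky's or sinatra_auth_github's code): an authorization
# policy that requires a team_id, contrasted with the weaker check that trusts
# publicized org membership. All names and ids below are made up.

# Constructed view of a GitHub user: orgs whose membership they chose to
# publicize, and the ids of teams they belong to.
User = Struct.new(:login, :publicized_orgs, :team_ids)

class ConfigurationError < StandardError; end

class CiAuthorizer
  # team_id is mandatory: refusing to start without one is what "force team_id"
  # means here. Public org membership is accepted only as an explicit opt-in,
  # because members can publicize themselves regardless of repo access.
  def initialize(org:, team_id:, allow_public_org_fallback: false)
    if team_id.nil? && !allow_public_org_fallback
      raise ConfigurationError, 'team_id is required; public org membership is not a privilege signal'
    end
    @org, @team_id, @fallback = org, team_id, allow_public_org_fallback
  end

  def authorized?(user)
    return user.team_ids.include?(@team_id) unless @team_id.nil?
    user.publicized_orgs.include?(@org) # reached only with the explicit, weaker fallback
  end
end

ORG = 'example-org'
CI_TEAM_ID = 1234 # constructed id of the team that actually owns the CI repos

# An operator on the CI team, and a contributor on an unrelated no-repo team
# (e.g. added only to be assignable to issues) who publicized their membership.
OPERATOR = User.new('operator', [ORG], [CI_TEAM_ID])
TRIAGER  = User.new('triager',  [ORG], [9999])

def decisions(authorizer, users = [OPERATOR, TRIAGER])
  users.to_h { |u| [u.login, authorizer.authorized?(u)] }
end

if __FILE__ == $PROGRAM_NAME
  strict = CiAuthorizer.new(org: ORG, team_id: CI_TEAM_ID)
  weak   = CiAuthorizer.new(org: ORG, team_id: nil, allow_public_org_fallback: true)
  puts "team check:  #{decisions(strict)}" # triager denied
  puts "public org:  #{decisions(weak)}"   # triager allowed: the gap raised in this issue
end
```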

This wouldn't be a problem with Janky, but rather with sinatra_auth_github. If this hasn't already been fixed by now, you'll want to fix an issue there.