Two intertwined major design flaws here:
1.) Anyone you grant editing permissions to can immediately delete your project (private or public), such that it is unrecoverable. Only owners should be allowed to delete a project.
2.) Anyone you grant editing permissions to can remove you as the owner and/or make themselves the owner, without your approval. Ownership changes should require the approval of an existing owner.
This is a serious permissions flaw, from my perspective. I’ve tested and confirmed that anybody you add as an “editor” can in fact remove you as the owner, make themselves the owner, and even completely delete the whole project – all with no confirmation required from the legitimate project owner. Furthermore, there is no ability for the original project owner to recover their project at all – it’s completely deleted outside of their control.
Thus you have to COMPLETELY trust any employee or collaborator to whom you grant editing permissions on a project. This is quite uncomfortable, given that we’ve invested years of development and note-taking into some projects, and an intern could unwittingly wipe all of this out if they think they are just cleaning-up their own account by deleting projects they’re no longer interested in.
In fact, I’ve discovered that a user with editor permissions doesn’t even need to make themselves the project owner – they can irreversibly delete the project just as an editor. This should not be allowed. Only project owners should be able to delete a project. Only project owners should be able to transfer ownership.