Github actions are a target for any malicious actors as they have access to secrets like crates.io login tokens for potentially thousands of crates.

This organisation is likely to become the defacto standard for Rust Github actions. As such you should put in place (and document) some basic security precautions. For example:

• Require 2FA for all members.
• Limit within the org who can publish changes to widely used actions.

To name a couple of options.