Isn't this a little like reaching out to Linus because someone changed their home directory permission to rwxrwxrwx? It sucks for them, but what could google do?
They could make the default such that you couldn't grant anyone outside your organization any particular role, unless principals associated with that domain are explicitly whitelisted (by domain).
(And, in the other direction, there should be a request/response flow when you're added to some random project/org you have no interest in, which can make you vulnerable both to legal attacks by the org mistakenly adding you and to phishing.)
Many folks have contract admins, it would add a lot of friction for the normal case just to try to prevent something that should be transparently dumb anyway.
If it were happening a bunch, there might be a good case to be made for changing permission-granting UI. Maybe not kernel-level, but OS-level, at least.
In fact, lots of distros now warn when a user attempts certain sudo actions, for similar reasons—mistakes were being made, and adding a little or the right kind of friction could prevent them.
(And, in the other direction, there should be a request/response flow when you're added to some random project/org you have no interest in, which can make you vulnerable both to legal attacks by the org mistakenly adding you and to phishing.)