Imagine you just found out a member of your project is actually a police informant. What project resources do they have access to? How will your group go about locking them out and protecting yourself? Is there any one person who could bring your project to a halt because they are the only one with certain passwords, access to mailing lists, or databases? Is there anyone who has access to a lot of data who doesn’t need it? (Which isn’t to say they are suspicious, but that a good security practice is limiting access only to people who need the information.)
Are there any changes you could make right now that would make an informant less of a problem?
For sure, this kind of thing seldom happens, but the more prepared we are, the stronger our group will be, and the more trust there can be between the members of the group.