I have reread your post and now I have understand what you found
and the problem is also in SDK version 2.8.0
my Test:
- guest-1 starts the meeting with setting “Allow participants to join anytime”
- guest-1 will be host with the host key
- guest-2 enters the meeting
result: OK
now guest-1 (the host) closes the browser tab
result: OK
wait approx. 2 minutes
result: BIG PROBLEM → Guest-2 is now host without authentication