Subgroup documentation does not discuss security problems with runners in parent groups
https://docs.gitlab.com/ee/user/group/subgroups/ has no discussion of runners. I had to create a support ticket to learn that runners are unconditionally inherited by subgroups. Creating a runner in a parent group and then creating subgroup with additional maintainers gives those maintainers full access to the runner, potentially defeating claims in the introduction section like "For large projects, subgroups makes it potentially easier to separate permissions on parts of the source code.".