#14 Manage Hub Admins Modal
Opened 8 years ago by mrichard. Modified 6 years ago


A note here about scope: this is a pretty significant feature. IIRC, the way we talked about it is that it would sync with FAS. If you add an admin to a hub, it would add them as a sponsor to the group in FAS (and we want to be very careful about that so that we don't open a security hole). Please consult with @puiterwijk and others to audit the implementation of the backend for this.

This should use the new OAuth token system that's implemented in FAS3/Ipsilon1.3 (both scheduled to be in stg soonish).
With that, we can perform the actions as the user itself, which would thoroughly limit the possible vulnerabilities.

However, we still need to take care of blocking XSS attacks if Hubs is going to implement features like these.
