Security breach - A regular group member should not be able to add group members just by adding someone to a Task
Lets say you have a group containing sensitive material like the Executive Management Group. Then if someone by (mistake) assigns a task to someone outside the group, suddenly all the group content is available to that person since Planner will automatically add that person as a group member. This is totally not acceptable and is major security concern for organizations.
Jørgen Solberg commented
There are many threads on this topic now, like this one: https://planner.uservoice.com/forums/330525-microsoft-planner-feedback-forum/suggestions/18980764-if-tasks-are-assigned-to-planner-do-not-add-indivi
You absolutely need to fix this or have some setting that disallow it.