Discord server security

TL;DR

Discord is has very poorly secured defaults (minimal security). This allows even the largest or partnered servers to be nuked, spammed, trolled or phished with minimal effort (although it is a bit harder on larger servers).

What are the defaults?

When you create a standard server (select for a club or a community) this is what you get:

A text channel and a voice channel.

Default user permissions

By default there are two big settings, @everyone and @here permissions. By default these are on allowing anyone who joins to wreck havoc:

There is also no user screening, auto-moderation or roles (allowing for new users to have lower permissions such as slow mode etc.)