Plex needs to add additional protection to the account, and I suggest this to be in the form of the following.
Now I have never tried to use this, but I’m pretty sure this is unprotected feature in plex settings.
In app.plex.tv > settings > account > preferences
You have a option called “delete your account”
This needs to protected by a email verification, then another password login and then enter your 2FA again, in order to have the account deleted.
And if this is performed then a 24 hour grace period needs to be active before the deletion of the account actually occurs.
When it comes to "Remove server”
This should not be possible to do if the server has been active for over 24hours, meaning, in order to remove the server from the account, the server should have to be offline for at least 24hours.