Our organisation recently had an issue where a major change was inadvertently made to our Active Directory, which is integrated with all of our Atlassian products. As a result, our Atlassian products synced the changes which took a long time to complete and then re-sync when the issue was resolved.
It would be nice if Crowd (inc. embedded Crowd) had some kind of protection against major upstream changes, so an issue isn't inadvertently propagated to Atlassian products and cause disruption to end users.
At a basic level, this could be as simple as preventing a sync that would remove all users or groups from a directory. (In our case, this would have mitigated the issue on the Atlassian side, at least).