MUC affiliations can be spoofed remotely
The <x/> element used for MUC is looked up without using its namespace, hence a local <x/> element (which is passed through by most MUC server implementations) will be seen by Gajim as a legitimate indicator of affiliation and role.
Since this will typically be the first such element found, it's possible to make Gajim believe that the sender is an owner, causing it to disable Kick/Ban options.
This was discovered primarily by Matthew Wild (MattJ).
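The difference between the name-only lookup described above and a namespace-qualified one, as an added example that is not Gajim's code. It uses the Python standard library's ElementTree rather than Gajim's own XMPP library; the sample stanza, its addresses and the namespace urn:example:not-muc are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MUC_USER_NS = "http://jabber.org/protocol/muc#user"

# Constructed sample presence: the first <x/> is sender-supplied and passed
# through by the MUC service; the second is the one the service itself added.
PRESENCE = """
<presence xmlns='jabber:client' from='room@conference.example/nick'>
  <x xmlns='urn:example:not-muc'>
    <item affiliation='owner' role='moderator'/>
  </x>
  <x xmlns='http://jabber.org/protocol/muc#user'>
    <item affiliation='none' role='participant'/>
  </x>
</presence>
"""


def parse_presence(xml_text):
    """Parse a presence stanza from text."""
    return ET.fromstring(xml_text)


def _local_name(tag):
    """Strip ElementTree's '{namespace}' prefix from a tag."""
    return tag.rsplit("}", 1)[-1]


def affiliation_by_name_only(presence):
    """Weak lookup: first child named 'x' in any namespace wins."""
    for child in presence:
        if _local_name(child.tag) == "x":
            for item in child:
                if _local_name(item.tag) == "item":
                    return item.get("affiliation"), item.get("role")
    return None


def affiliation_by_namespace(presence):
    """Corrected lookup: only <x/> and <item/> in the muc#user namespace count."""
    item = presence.find(f"{{{MUC_USER_NS}}}x/{{{MUC_USER_NS}}}item")
    if item is None:
        return None  # no MUC user payload: treat affiliation as unknown
    return item.get("affiliation"), item.get("role")
```

On the constructed stanza the name-only lookup reports owner/moderator, while the namespace-qualified lookup reports the none/participant values set by the service.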