Room membership is still determined by the server rather than the client - but we now warn the user and freeze the room if devices which are not signed by their owner are present in the room.

Constraining the user membership to be controlled by the client is Hard in a fully decentralised world, but we're working on it: one option is MSC4256 (which pushes the whole problem to MLS); another option is to run Matrix's state resolution algorithm on the client (making the client implementation even more complex) to ensure that the client agrees with the server on the correct user membership.