Roam Research has a feature called "Page Permissions" that if enabled will publicly expose your graph to hackers.
This experimental feature allows you to granularly share certain pages of your graph with the outside world. However, the way that the Roam team accomplishes this has major security flaws that makes your graph not secure and allows it to be downloaded by hackers, or anyone who is tech savvy.
If you want to check your graph's privacy, you can see if it's exposed by using the following tool.
First, open the "Share" menu in the top right hand corner of Roam.
Next disable the toggle next to the text "Page Permissions".
Voila! Your graph is now private.
Enabling the sharing feature at all is very dangerous. Anyone who wants to "hack" your graph needs to know it's name. By sharing your graph, you expose the database name in the URL.
If you really feel like you want to share your Roam graph, only share it with people you trust, and make sure your Roam database name is impossible to guess.