Re: The real culprit
Is the deliberately holed *nix security model. Once again a SUID/setuid utility strikes.
You are very confused and clearly don't understand where the problem lies: it comes from the fact that an admin program (in this case, the newgrp) changes it behaviour (here, indirectly) based on input from a dubious low-privilege source (here, an environment variable).
This can happen in any system in which the user from time to time needs to have the system perform an operation with privileges that are higher than he has himself.
Which happen to be all of them. Even the bureaucratic ones.
This is also why setuid programs should always scrub their environment before they perform their operation.