I noticed that when the IsPublic option is selected, the Everyone Except External Users is added to the Members role of the O365 Group with Edit permissions. I think that it would be better if that group was added to the O365 Group with Read permissions (which would put them into SP Visitors Group). What do others think?
Adding that is not done by us. It's the server doing that. We basically send a boolean value to say 'IsPublic' or not. If you want to change that behavior the server will have to change, e.g. you will have to create a uservoice entry for that.