Hey @damobb - welcome to the community forum! 
Even though anybody can visit the /auth/signup endpoint, it can't be used to create more than one organization. Users should see a 401 Unauthorized error if they try to do so. We'd rather not hide that page, either, because it is another way for invited/valid users to create a new account on the existing organization.
I hope that answers your question and alleviates any concerns! Feel free to follow up here if there's anything else I can do for you.