Unauthorized access at the root level

I have provided editor access to a folder for a couple collaborators. Somehow, they are able to create new folders at the root level and I am not the owner, therefore I don't have permissions to move/relocate.

First, how are they able to create new folders at the root level?

Second, how can I take control of the new folders to relocate them?