Constituent Security Groups are showing that security is applied to system roles when they are no longer linked. This can be found by querying against the SYSTEMROLEAPPUSERCONSTITUENTSECURITY table in SSMS.
We're currently evaluating this issue for a fix in a future release.
Steps to Duplicate
1. Navigate to the Configure Constituent Security Group. 2. Note there is not Constituent Security applied to the system roles. 3. Query on the SYSTEMROLEAPPUSERCONSTITUENTSECUIRTY table in SSMS and notice that their appear to be records that are stuck in this table.