There is no way by which to completely remove this feature, since it is enforced as a single permission on the Active Directory side.
Use ActiveRoles Server to create a triggered Workflow which runs whenever a Group is created by the target Users. This Workflow will run an action and clear the Members attribute.
The effect of this Workflow is that users can create a Group and populate it with any accounts, but the populated members are immediately cleared when the Group is saved. Without the permission to Modify Groups, they cannot re-add any members after the Group is created.
This is possible to implement in ActiveRoles Server 6.7 with a simple PowerShell script.
In ActiveRoles Server 6.8 and later, this can be very easily implemented with an Update action.