Interesting. When you give a third-party access to your GitHub repositories, you also have to trust that the third-party implements all of GitHub’s security policies. This must be very hard to actually assume.