Github Permission for All Repos..

How is it that using Travis-CI requires permissions to all my repos (public and private) and read/write permissions on all of them?  
Its not just Travis, other integration providers have this issue too...
How does this not create a giant security hole if one of the 3rd party providers gets hacked?

