Forge permission request for GitHub and AWS
I'd like to know if I'm the only one who feels uncomfortable giving such wide-ranging permissions to my GitHub and AWS accounts in order to use Forge?
I've done some Googling on the matter and there seem to be a surprisingly low number of people who even seem to care about this or acknowledge it as a problem.
So, if you think that I'm overthinking things and being paranoid then I'd like you to say so. Otherwise, if you think I have a point, perhaps you could suggest ways to make the interaction between Forge and GitHub/AWS more secure?
From what I've read, Forge is a great tool and it makes life a lot easier for a lot of people. Personally, I've always managed my own servers by spinning up EC2 instances, configuring the server software and then manually running pull requests to get my code from GitHub onto my live site. This has always worked well for me, but it does take a lot of time to keep the EC2 instances up to date, so recently I've been looking into Forge as an option. And, like I said, it does seem like a great tool at an attractive price point.
But look at the access it wants to my GitHub account:
Repositories
Public and private
This application will be able to read and write all public and private repository data. This includes the following:
- Code
- Issues
- Pull requests
- Wikis
- Settings
- Webhooks and services
- Deploy keys
- Collaboration invites
...and that's just GitHub! I understand it will also want me to create an access key with equally wide-ranging permissions on AWS too.
As I said at the beginning of this post, I feel quite uncomfortable about this. What if there was a bug in Forge and it accidentally deleted something important in my GitHub or AWS account? Or what if the Forge platform was compromised and hackers got access to both my codebase and my production apps? Yes, I know that the same could be said for GitHub and AWS themselves being compromised, but why increase the chances by adding a new potential attack vector?
I know that I could set up a separate GitHub account and a separate AWS account just for Forge to use to minimize the risk (and, actually, I'm seriously considering this) but that means paying additional GitHub subscriptions and it would also complicate what, at the moment, is a fairly simple setup in terms of payments.
I realize that this isn't necessarily the fault of Forge. From what I can gather, GitHub and AWS don't really make things easy in terms of permissions either. I see in the Vapor docs, registering a separate AWS account is actually listed as a recommendation. But I find it incredible that more people don't seem to be concerned about this and that after an hour or so of Googling I can't really find any decent suggestions or discussions from anyone relating to these concerns.