What, you don't trust me with ALL YOUR REPOS? Haha. I know, I mentioned this permissions thing in the blog post. Building it for myself, that scope is the only way I could read contributor stats for my company's private repos. Definitely don't need 90% of the other things, write access especially. Optional private repository access seems like a good solution.
That's what made me not do it. To be fair, I wrote a GitHub app once where I wanted read access to public and private repos, and I couldn't find anything in the GitHub API to give me specifically that. I had to request read+write for public+private, which is horribly permissive and gave me access to a bunch of stuff my app didn't need.
Yeah, I wish there were more fine-grained controls for permissions, i.e. just let me access metadata like stats for repos (because that's all this app really needs).
Haha, yes this is a pretty high bar of entry.