It wasn't only org access I was objecting to; I think it's unreasonable to require full access to even a users own private repos (which might also be forks of organisations private repos) just to login.
If you need access to a private repo for an import/export you can request that when you need it. I don't think it's good practice for companies to ask for so much access (not for users to give it; but users tend to be less aware of security implications than the companies asking for the access).
I know most people don't care; but I won't agree to any service requiring access to repos it doesn't need; it's too big a risk. I use GitHub login for more sites than I can count on my fingers; it doesn't make sense for them all to have access to all these things.