I’m working on an opensource project owned by an organization (Microsemi/switchtec-user). I’d really like to get travis-ci.org enabled for this repository but the people in the organization’s IT department who maintain control over it obstinately refuse to turn it on. They are worried that even logging into Travis will give Travis access to their github account or provide a third-party access to their other private repos and data.
All evidence I can find says that this is not the case and enabling a travis-ci.org account does not risk account credentials or private data. However, it would be great if someone can give me an official answer which I can point to on what risks there are (if any) to their private repositories when using a third party service.