I mean, I'm probably overreacting as every mastodon 3rd party service or app has the same token, but I'm paranoid about trust and privacy.

The last thing I want is for someone to trust a Pixelfed server only for the admin to take advantage of the trust and read their DMs for example.

Even though I trust our admins and believe none of them would do that, just the possibility makes me uneasy.