In many cases, none of these makes a difference at all. You may have 3 apps that need the most important permission (so what if it has unnecessary access to gists, when it has and needs full access to private repos) that you use on a single computer with a password manager. Either way, you need to reset the password/key if it becomes compromised.

Still, it's good to be in the habit of doing this, because sometimes you do need it.