A token lets us connect to the public timeline streaming API of your instance so that we can include it in our sampling of the Fediverse and redistribute it through the #FediBuzz Relay - a service that is already used by many small instances. We are very happy to run this tool in support of decentralized media, implementing what centralized services do with ease: providing a global view, just like search engines do for the Web.
We consume only the federated timeline. We don't even see boosts or replies. Of course, we respect the Internet standard robots.txt.
Despite taking these precautions on our side, we still do not recommend using ActivityPub for sensitive communications. After all, it is made for publishing. Your data on Mastodon is already available to secret police and script kiddies who will laugh at a robots.txt. For private messaging, we recommend XMPP with OMEMO.
Update: Token permissions
Since the introduction of this functionality, we have been made aware that the reading statuses permission allows reading your private messages - just like what your Mastodon admins can see. It is unfathomable why anyone would communicate privately without end-to-end encryption in 2023, but if you still do, consider creating an empty dummy account on your instance for the token!