I presume it means that if someone accidentally pushes up a token to a public github repo then it can't be used to hijack all the PyPi packages corresponding to that token to become malicious