The mentioned menu bar app is a MITM (man in the middle) and rightly discloses that it gets all your session creds and uses them, along with keychain and full disk access:

Privacy: Reuses existing provider sessions — OAuth, device flow, API keys, browser cookies, local files — so no passwords are stored.

macOS permissions: Full Disk Access for Safari cookies, Keychain access for cookie decryption and OAuth flows...

It's excellent this is disclosed as a reminder of how things work and the tradeoffs you're making to use it.