The issue isn't the vendors themselves necessarily but the quantity of them. Plenty of boring things over the years have had security vulnerabilities that end up with data getting leaked, so each additional one is just more risk even if you trust them not to be actively malicious. All it takes is one well-meaning but careless vendor to make the whole house of cards collapse.