
This is not even remotely true. All they have is the information that someone at $IP is using Rpi. Granted, I'd prefer not to give them this info, but let's stick to the facts.


This technically does give them the ability to backdoor your system if they supply an "update" for something you have installed via another repo... but that is very far-fetched, obvious to anyone paying attention, and would be hell for their PR for minimal gain.



It also gives them the ability to override any package on your system with one they make. All they'd have to do is increase their version number beyond the one in the "real" repositories and Apt would automatically update to it by default.

So yes, in fact, it's quite true.
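
The version-override behaviour discussed in this thread, as an added example that is not part of any comment: a simplified Python model of how APT picks an install candidate (highest pin priority first, then highest Debian version), showing why an equal-priority repository wins with a higher version and how a lower pin priority prevents it. The origin names and versions are constructed, and the model ignores the installed version and target-release rules.

```python
# Added example: simplified model of APT candidate selection (constructed data).
from functools import cmp_to_key

def _order(c):
    # dpkg ordering for non-digits: '~' lowest, then letters, then other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run, character by character (end of string or a digit counts as 0)
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) and not a[i].isdigit() else 0
            bc = _order(b[j]) if j < len(b) and not b[j].isdigit() else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # digit run, compared numerically
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return na - nb
    return 0

def _split(v):
    # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def debcmp(x, y):
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    return (ex - ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def candidate(versions, pins=None):
    # versions: [(version, origin)]; pins: origin -> priority (500 if unpinned)
    pins = pins or {}
    def cmp(p, q):
        return (pins.get(p[1], 500) - pins.get(q[1], 500)) or debcmp(p[0], q[0])
    return max(versions, key=cmp_to_key(cmp))

# Constructed sample: one package offered by two origins (placeholder hostnames).
DISTRO, VENDOR = "deb.example.org", "vendor.example.net"
OFFERED = [("1.2.3-1", DISTRO), ("1.2.3-1+vendor1", VENDOR)]
```

Passing `{VENDOR: 100}` as `pins` models an `/etc/apt/preferences.d/` entry with `Pin: origin` and a `Pin-Priority` below 500 for that repository; `apt-cache policy <package>` shows the priorities and candidate APT actually computes.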



