It's misleading to offer this as an Exchange problem. This is generally a problem with allowing a 3rd party access to personal or corporate resources - this is a general risk with 3rd party apps.
Part of the problem is that especially on mobile devices it's not possible to be selective what you allow. If you could identify a subset of data that you were willing to hand over to the planet the risk would be at least controllable, but apps want all or nothing. Well, all, because having the temerity to insist there are things you don't want to share like location either leads to an app that doesn't work on iOS, or one that doesn't even wants to install on Android, the latter also not allowing you to change your mind later.
Mobile apps are still in their infancy when it comes to protection of information, and I personally don't consider this infantile state a coincidence. The Internet has two currencies, one is bitcoin, the other on is personal information. Only one of them is sort of legal..