Our organization created a bot account several months ago to facilitate the creation of GitHub Releases (You can see how we use Circle CI to manage that job in my semantic-delivery
Orb example).
Agreed!
It seems like a like-for-like trade-off in that, though we end up with a machine user that has owner access to our organization, the account, technically, has no more permissions than my own.
It would be really nice, though, if some day we can migrate away from machine users with owner permissions, as they still introduce a significant single point of risk.