24. May 2017 13:05
The answer is your information security. PointFire interacts with and can modify all of your pages and all of your documents and their metadata and your lists and your user profiles. It needs a lot of access in order to make sure both your UI and your content are in the correct language. If you use a Provider-hosted add-in, the data required for the add-in to work has to go off your site to a server that is controlled by those who developed the add-in. The traffic is encrypted and your login is not shared, but it still means that you have to trust those developers to properly secure your data while it's on their server.
We chose the more difficult (for us) SharePoint-hosted model because none of your data and none of our code ever leaves your control. There is no information, encrypted or not, going to our servers. All your information stays on your SharePoint tenant or on your browser, as does all of our code. It's more difficult, but it's worth it to protect your information.