Maybe not intended scam, but definitely it is a bad practice!
Better keep away from such things!
Not intended?
Asking for your private key is scam.
They dont need to have this.
The only reason to require users to give out their private keys will be to save fees, but this does not really make sense either, as the company recently did an ICO where they (claim) to have sold tokens for several million USD. Sending tokens to the participants would at max cost a couple hundred dollars. They could also set op a claim function with Metamask so users wouln't have to expose their private key.
There is no valid reason to ask for your private keys.
How would this save you the fees? You still have to send the tokens from one address to another, with or without key you have to pay for the fees.