It's like the constant battle with our IT department to get and keep admin privileges on our machines. Yes, this can cause a problem but we need admin rights to do our job.
If you are not absolutely sure it's OK, then it's not. Pack your own chargers, use a "USB condom" or a power-only cable. If the charger has a cable that can't be removed, use it to charge a trusted battery, then charge your phone from it. Don't trust any smart battery, BTW.
Journalist covering summits like this are not regular guys and should receive opsec training before any such assignment.
When working on the Brazilian electronic ballot, I had two computers: one that was connected to the corporate network where I could read and write e-mails, and another I could manage (so I could run Visual Studio's debugger), that was on a completely different network, in front and behind some of the most aggressive firewalls I've ever seen.
More info: http://www.usb.org/developers/powerdelivery/
Right now, USB-C is only just starting to get past the “which cables will physically harm my device with a given charger even though they plug in correctly” phase.
I use a "USB Condom". My current USB Condom is this one:
In fact, I sometimes even use it with my own, trusted, devices. For instance, I don't want my macbook itunes to know about my iphone so when I charge from my own laptop, I use the "condom".
I'm sure these exist for USB-C...
Of course this would require cryptography to do properly so it'll never, ever happen.
Either that or a tiny switch beside each port to enable/disable the neutering feature.
Why would anyone assume otherwise?
After all, when was the last time your power drill caught a virus from your extension cord?
I worked in various security positions at one of the US's biggest ISPs and routinely brought these sorts of things up to family members. I am embarrassed by the kinds of practices my family employs. The excuses vary but most of them fall along the lines of the same excuses smokers give when asked about lung cancer risks: "It Won't Happen to Me(tm)".
Even within our industry, bad practices exist all over the place. An example I often point to is Code Signing certificates -- I went through the trouble of generating a CSR offline using a Linux live CD, backed up the private key to an encrypted thumb drive and placed the result on a Yubikey to protect it when I need to sign something. The best part was sorting out how to actually give the CSR to the CA I used to purchase the key from. They offer all kinds of convenient, (IE and Firefox-only) in-browser mechanisms which result in generating the key online in a potentially already-compromised machine, but I ended up having to go through several steps using phone support to get my CSR to the CA. The way they did things encourages people to not think about protecting the private key; simply leaving it on an unencrypted volume with (likely) no other encryption used to protect the key.
 https://thenextweb.com/insider/2011/06/28/us-govt-plant-usb-... And these are specifically the kinds of people that should expect to be targets of an attack like this.
 I mention this kind of certificate because its credentials are such that an individual or company is named -- it's meant to identify a person or a legal entity, not a domain name -- and things signed with it result in that legal entity or person's legal name being displayed on launch in operating systems like Windows. It's something that you really wouldn't want to have fall into the wrong hands lest your name end up being prominently displayed prior to the installation of malware.
Edit - note, this isn't properly secure! Please screen your devices properly and consult your organisation's security team/local tinfoil hat wearer, or educate yourself about side-channel attacks, monitoring, and the history of surveillance devices.
Best to open it up for inspection, then destroy it. There's not a lot of room inside the body, by the looks of it, but there could still be plenty of fun stuff hidden in there anyway.
Thinking logically though: due to the public nature of the release, it might actually just be a fan..
That's not to say it's definitely not malicious, and I certainly wouldn't be plugging it into my phone. But it is Singapore, where it is hot, so I do understand the rational of giving fans to the journos.
I suspect that the person in charge of the decision didn't consider the fact that USB fans are a possible attack vector.
I think that some readers here have been reading too much Frederick Forsyth or Tom Clancy, with these ideas about baiting and switching and bribing hotel employees.
A reasonable security assessment of this device could be done in two minutes. It would take longer to take pictures of the disassembly and post the pics on twitter.
If you're wondering what the 'state of the art' in disguising components to look like other components is, this  is probably the best example. It's a guy that turned a LED into an LED and an inductor, and put transistors inside of switches.
What you're proposing -- basically putting a USB-capable microcontroller inside something that looks like resistor -- isn't impossible. I can imagine that it could be done, but I would have no idea how. You would probably go with a very small (physically) microcontroller, maybe one of the SOT-23-6 PIC or AVR packages. I don't think it's possible to write a USB stack for those, and you only have 1-2kB to implement a BadUSB  sort of thing. It might be possible, but I doubt it. Still, that size of package could be disguised as a (large) SMD resistor, although the PCB would look odd with the addition of extra traces.
To be honest, it really wouldn't make sense to disguise a microcontroller as passive components. It's already been demonstrated journalists will gladly plug random USB devices into their computer. If you wanted the device to just pass a cursory investigation, you'd just put a glob of black epoxy over the USB port. Hiding a microcontroller as a pair of resistors might be possible, but it's far more effort than what is really needed.
As a targeted attack it makes sense. Still you would have to muffle the sound of the fan.
Plus, there does not need to be a data connection for the powering of these devices to present a security issue. It could just need power to run a microphone or GPS.
Who handed these out? And what are the odds that any free USB device contains malware or spyware of some sort?