I think there are a lot of people that take it for granted that github isn't a vulnerability. I tend to write it off thinking that the devs would figure something else out when the time comes. Using github definitely doesn't fit with the ethos of "trust minimized"