Yep. GitHub is definitely a weak link. One simply needs to reference Tornado Cash as an example of the risk.

Unfortunately, there isn't a decentralized solution as good as Github. Maybe Gitlab but is has the same exposure.

Perhaps, its time to start developing git integration with nostr.