Which is that same thing as saying not to use any cloud, co location hosting, or possibly even the internet.
Github is over SSL, and is stored encrypted at the remote end.
If the story had been Dropbox spewed man's financial credentials in bad app update, the story would be focused on the tool and service, not how stupid the user was for using the service. The user had an expectation of security AND privacy.
A private github *should be* no different to using any 3rd party cloud provider.