what if someone working with github has inside ability to get login information?
or do you think people who work at github cannot figure out what someones login or password is at github?
is it a security risk, seeing as how there is money involved with bitcoin?

The code is duplicated on every developer's computer.

If the github source changes, then every developer will notice when they attempt to synchronize their local code with the server code.