That's completely ridiculous (and, unfortunately, also completely plausible with companies) - see the so-called "analog hole" (or in this case even digital - if it hits the browser as textual content).
There is still a big difference in terms of attach surface between a complete repo cloned in /home/$USER and some transient partial information that is gone (in theory) once you close the application/browser, so I don't see why it's completely ridiculous.
I doubt the code is that valuable, but if you don't trust your employees to not do that (seriously, nearly every other company trusts their engineers at least that much), then why did you hire them in the first place?
Do you mean "trust" as in trusting they don't have malicious intents, or trusting they won't be lazy or distracted sometimes? In this case I don't think it's the former, since nothing technically prevents an employee from cloning the repos and running away to a competitor. I think it's part of good security "hygiene" that helps protect you from yourself.