I'm willing to bet GH is being mirrored internally as you suggest otherwise you'd be exposing the only current digital copy to hackers. That just seems a reasonable expectation to me.
So the activity is likely happening on the larger and more exposed GH service, while internally there is a daily copy bring backed up that isn't (as) exposed to hackers.
Something life that would be a great way to displace risk.
But thats not how git works. Everyone who uses the repo has a copy of it. Even if you hack GH the worst possible outcome is a hard reset of the repo, which would break pulls anyway. Unless a literal city council thinks its a good idea to not have local copies of their own law source code they are modifying regularly or something.
Seriously, I'd imagine they treat it as “someone else's problem” — like backups.
If GitHub gets hacked, I imagine their plan is “be affronted, and sue”. When GitHub's lawyers point out that the terms of service don't guarantee anything, the plan says “be even more publicly affronted that GitHub refuses to take responsibility, while taking no responsibility”.
There are cases in history where records offices were held in rebellion for political purposes. A blockchain would change means of control of records from violence to compute power.
For these purposes, the blockchain is just a fancy way to maintain accessible backups. It doesn't give anyone but the government "control". The law is always what the government in power says it is, pretty much by definition.
So the activity is likely happening on the larger and more exposed GH service, while internally there is a daily copy bring backed up that isn't (as) exposed to hackers.
Something life that would be a great way to displace risk.