by pbalau 1577 days ago
If you point a DNS entry to an IP and later someone takes control of that IP, guess what happens... This is a YOU problem, not a GitHub problem. Talking about dilettantes in the tech world...
3 comments

Yes, and what the parent post was suggesting was that GitHub would have you use a CNAME to point your DNS entry to a unique FQDN (that it can tie back to your specific repo) instead of an IP, which would centrally prevent this issue without relying upon every single user to act perfectly.
A CNAME like the ones AWS load balancers give you would also give GitHub the flexibility to change IPs as necessary.

They would need a unique IP for every single repo. While this isn't a problem for IPv6, it is completely unrealistic for IPv4.

When github.example.com is configured as a CNAME to my-gh-page.my-repo.github.com, the IP that is returned will have no idea that it's my-gh-page.my-repo.github.com that is being requested, as github.example.com will be what is sent in the Host header and part of the TLS SNI.

EDIT: I misunderstood what OP was suggesting. Pointing a CNAME to a repo-specific domain name would work only if that name is removed after the repo goes away. As previously mentioned, this should not be GitHub's responsibility and it is a domain owner's responsibility to properly maintain their records.

> They would need a unique IP for every single repo

I don't think this is true. If your CNAME myghpage.example.com points to <somerandomstuff>.github.com which then routes you appropriately, all GitHub has to do is remove that <somerandomstuff> subdomain when you delete the page and that's it: myghpage.example.com will fail to resolve and you're safe.

This would work even if GitHub only had a single public IP address.

edit: The issue with GitHub Pages is that they make you point your CNAME to something.github.io, not something.youraccount.github.io, so anyone can recreate something.github.io after you delete it. If they simply created the pages as something.youraccount.github.io you would be safer, unless you lose your account name. That's why the random subdomain is preferable.
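
The difference described in the comment above, as an added toy model (not part of the thread and not GitHub's code): a stale CNAME is followed into a provider zone under a user-chosen label and under a random per-activation label. The `PagesProvider` class, the `pages.example` suffix and the account names are constructed for illustration.

```python
import secrets


class PagesProvider:
    """Toy model of a hosting provider's DNS zone (hypothetical)."""

    def __init__(self, suffix, unique_ids):
        self.suffix = suffix
        self.unique_ids = unique_ids  # True: random label per activation
        self.zone = {}                # provider FQDN -> account owning the site

    def activate(self, account, wanted_label):
        # User-chosen label: anyone can ask for the same label again later.
        # Random label: generated on activation and never handed out twice.
        label = secrets.token_hex(8) if self.unique_ids else wanted_label
        fqdn = f"{label}.{self.suffix}"
        if fqdn in self.zone:
            raise ValueError(f"{fqdn} is already taken")
        self.zone[fqdn] = account
        return fqdn

    def deactivate(self, fqdn):
        # Dropping the record means the name no longer resolves.
        self.zone.pop(fqdn, None)


def resolve(custom_domain, customer_dns, provider):
    """Follow the customer's CNAME into the provider zone.

    Returns the account whose content is served, or None when the
    CNAME target no longer exists (resolution fails)."""
    target = customer_dns.get(custom_domain)
    return provider.zone.get(target)


def stale_cname_outcome(unique_ids):
    """Who is served on the custom domain after the page is deleted
    and the customer's CNAME is left in place."""
    provider = PagesProvider("pages.example", unique_ids)
    customer_dns = {}
    target = provider.activate("original-owner", "something")
    customer_dns["myghpage.example.com"] = target  # CNAME set by the owner
    provider.deactivate(target)                    # page deleted, CNAME stays
    provider.activate("other-account", "something")  # same label requested
    return resolve("myghpage.example.com", customer_dns, provider)
```
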

That's not the case. Generate a unique ID on activation. Ask us to CNAME => <unique-id>.pages.github.tld. Drop the record when the page is deactivated. Sorted.

Did someone pee in your coffee?

All actors should take care of security; you should expect people to make mistakes, especially if you're as big as GitHub. Your take on security is like talking about law and justice with a cowboy.

Nevertheless, I wonder, couldn't this be made more secure by requiring those who publish the page HTML to sign something with a private key that [those who control the DNS record prove is their key]? So they prove that they have the same private key