[DomMac]

By breaking into a github account hackers won't be able to drain any founds, this is not something that is handled by github authentication. Founds are stored in a multisig Safe wallet, transactions must be approved by the multisig owners.

Apart from that, you are practically saying "hey there are hackers out there, stop building tools".

[SilverBirch]

If the payments aren't integrated into the github merge system, then what is this system doing at all. Why not just put a message in the merge commit saying "Hey, please send me eth at this address"?