The reason people were sounding the alarm 10 years ago is because if you tie yourself to a proprietary platform then you're at its mercy, even if it changes for the worse for everyone which is what we're seeing now.
With open-source projects, realistically there is no shortage of alarm sounding, and there is a shortage of alarm fixing, consequently if you really care about this being fixed you have to volunteer to go fix it.
From the outset, crates.io was careful to deliberately not tie itself inextricably to Github. For example, by resisting the endless deluge of people demanding that Github usernames be used as public-facing package namespaces. Github is only used as an identity provider for logging in.