So how is the IP address of someone that has viewed or crawled said secret Gist relevant anyways? Someone crawling a website is not probable cause (even if there is a single IP address which can be traced to specific machine, which is highly unlikely).
Secret gists are not published publicly, and thus are not crawled. You would need to have a direct link to the gist to have accessed it. Having the link either means you had access to it as an internal employee, it was shared by an internal employee, or an internal employee's system or email was accessed by someone else.
Or it could have been linked somewhere public? It's far-fetched to think that you'd be able to prove that someone seeing this gist is malicious. Github clearly states Warning: Secret gists aren't private.
Actually, they're subpoenaing. This is necessary to identify who may have accessed it; i don't think this is a suit over the privacy of gists.