by jdjb 4102 days ago
I use NoScript as well (and I wish more people would) but to be fair I doubt the users who were part of the botnet even noticed it at all. It's only GitHub who would've benefited from these users running NoScript.

Yeah, it was obviously a lighthearted comment, but the larger issue is that every web user is running someone else's untrusted code on every website they visit. Frankly I'm surprised these kinds of attacks aren't more common. NoScript helps mitigate this issue, and while it has lots of other incidental bonuses that a nerd like myself cares about, I freely admit it results in a worse end-user experience for almost everyone else.
They could have done a similar attack with an <IMG> tag. Or do you block images too?
Erm, you don't? I suggest you read the Basilisk FAQ before you get into real trouble...

http://ansible.uk/writing/c-b-faq.html

Something like Request Policy could cover this.