As reported by Maksymilian Arciemowicz, it is possible to perform a man-in-the-middle attack on the request that fetches git revision information from Github