I'm surprised they kept this feature active for so long. Exposing a product / feature without authorization is like opening the flood gates for spam zombies to invade.
It's a special kind of spam that doesn't affect users. The victims are server bandwidth and server disk space. Users only benefit. They can safely reduce this operating expense by requiring login because everyone already has a github account. Other services probably couldn't as easily overcome the registration hurdle: pastebin, jsfiddle, jsbin, etc.
