Then you won't objective to 3fa or 20fa. More steps is safer right?
If your account is unimportant to you github shouldn't force you to add layers of security when they literally throw you under the bus in the TOS telling you it is your responsibility.. good let me decide my level of risk.
Keyword: if. What little i do distribute to a few end users come from local builds through a completely separate system.
The security level applied reflects this more than well.
To my (well-founded) knowledge nobody distributes my code; and if they did they'd have full responsibility. That's what "THE SOFTWARE IS PROVIDED 'AS IS'" means. You don't have to like it and you don't have to use it.
There really is no middle ground unless you develop a relation. Who says i can be trusted? Not me!