The crown jewels should always be kept under lock and key!
A couple of years ago I was at one of the Github drink meetups. I asked if they were working on encrypted private repos (this was just before or around the time Github Firewall was introduced). A Github employee told me no… before adding that in his opinion source code was not valuable.
I asked him to clarify and he said imagine if Twitter had their source code leaked. It wouldn't be a big issue as Twitters success was built more on business execution rather than code. A valid point perhaps but small indie developers could easily be put out of business if the source code to their unique selling point or competitive advantage were to be made public.
I'm sure Github (and others) take security seriously, but given the above, caveat emptor!
Hosted repos can only be so secure. If you need absolute trust, host them on your own machines (for which GitHub and Atlassian will happily sell you tools to make doing so easier).
I think there's a lot of truth in this attitude, I sometimes think 'if someone can take our code without all our knowledge and do something useful with it better than we can, then they deserve to win', having said that, I also strongly suggest that it would be bad for GitHubs business for it to be widely known that they have this attitude...
Before you answer, consider http://www.extremetech.com/computing/120981-github-hacked-mi...