Spoofing GitHub's SSL certificate is a step in the direction of inserting espionage-style backdoors, as GitHub permits HTTPS read-only checkouts of repositories.
I'm not suggesting that this will be free of problems, given how particular Git is about checksums, nor am I certain what methods they would use to acquire SSH commit access for altering repository contents to affect the rest of the world.
Still, it's absolutely a necessary prerequisite to altering data from GitHub - and, if they acquire SSH keys, altering data at GitHub. Both possibilities are terrifying.
GitHub now [allows HTTPS pushes], so a man-in-the-middle attack on a single connection would be sufficient to push backdoors. In any case, can't the intermediary just add another SSH key to the account?