That's a security risk in and of itself. Suppose someone has an account named 'bobs'. For whatever reason, they don't notice that they mistyped and put in 'bob' instead. They try a couple times with their correct password, and now the 'bob' user has in their logs someone else's valid password. Said user could then set up very minimal bits of automation to discover, and break in, to that account.
For one, because if someone does find a hole that gives them access to Github data, they'll have all password attempts, which would include typos of the real password. Which is a terrible, terrible thing to store in a hard drive (see Adobe)
For instance (just a quick idea): because if you make a mistake and enter your gmail password instead of your github password, now your gmail password is stored in clear text in their database, opening another can of worms etc.