While a potential for concern... I would guess that CloudFlare's own routing would take them to an exit node close to Github's... that does make quite a few assumptions though. It would still be more complicated to mitm between CloudFlare and Github than ISP-X (or China) and Github...
And it doesn't work on custom domains (Github can't present a cert for your domain); you can make it "work" via Cloudflare but that only works if Cloudflare doesn't validate Github's cert, which introduces yet another unsecure link. [https://github.com/isaacs/github/issues/156]
I'm a big believer in "Readme driven development" . It's critical you go through the exercise of 1) explaining what the software will do and 2) how it will be used with concrete examples. The value of this documentation will always outweigh the time spent writing it.
Deis maintainer here. We understand Deis can be a bit heavy for those who don't want a multi-node HA setup. For the 'humble web developer' we strongly recommend Dokku. In fact, we're now sponsoring that project: http://deis.io/deis-sponsors-dokku/