All that does is associate an arbitrary SSH key with a GitHub account. There is still no reliable way to verify the identity of the GitHub account owner, or the SSH key that account holder generated.

How does that expose any more information than you do by pushing a commit with a GitHub account?