I'd much rather see a public statement on these sorts of issues. The only thing I see on the site that is even remotely relevant is a one-liner on the plans page: "We make every possible attempt to never transmit your data unencrypted."
Presumably, the amount of proprietary code you will manage will only increase over time, perhaps remarkably so. It would be somewhat reassuring if I saw something that indicated that you take this stewardship seriously, rather than tossing off "best effort" one-liners.
You're absolutely correct, we have scraps of information about our security here and there, but no formal page spelling it out. Our security page will be located at http://github.com/security, expect it up within the next day or so.
Presumably, the amount of proprietary code you will manage will only increase over time, perhaps remarkably so. It would be somewhat reassuring if I saw something that indicated that you take this stewardship seriously, rather than tossing off "best effort" one-liners.