While a potential for concern... I would guess that CloudFlare's own routing would take them to an exit node close to Github's... that does make quite a few assumptions though. It would still be more complicated to mitm between CloudFlare and Github than ISP-X (or China) and Github...
And it doesn't work on custom domains (Github can't present a cert for your domain); you can make it "work" via Cloudflare but that only works if Cloudflare doesn't validate Github's cert, which introduces yet another unsecure link. [https://github.com/isaacs/github/issues/156]