Doesn't mean its not impossible to put in a back door vulnerability in that's hard to spot.
Heck, the guy in charge of checking could do it.
I feel like you haven't read what I said. Yes, he
could do it, if he wanted to spell the end of his career. It's a safe assumption that he wouldn't do it.
Point is, it was a foolish thing to do. Not for some small business or low risk site but for a major political candidate who has drawn a ton of criticism, right or wrong.
If anything, a big business or political candidate is probably in a better position, since they could easily get the guy sued.
But even then, you've got nothing. It's common practice. Heck, some libraries encourage linking directly to their upstream as an easy way to get yourself set up. Is it super-duper secure? No. Is it secure enough? Yes, in most cases. Your reputation as a professional is probably worth more than the 30 minutes of lol-funnies you might get before the site gets fixed and your ass gets in trouble.
Plus, sucking bandwidth from gitbub is a shit move, even if its only a few kb per visit.
I don't know what gives you that impression. There is nothing in GitHub's terms and conditions that would suggest they're even mildly opposed to people hotlinking their resources. And if they were, I'm sure they would take action to address it long before "tech bloggers" of this guy's calibre would get involved.
So far, you're confirming my suspicion:
This is nothing but pandering to the non-technical anti-Trump crowd who will see this article as "Trump did something bad/stupid!" and share it with all their friends.
It really seems like you have no reason to find it relevant, other than someone telling you that someone related to Trump supposedly did something incompetent. It doesn't matter if it's true so long as it attacks the politician you don't like, right?