Deleting repositories too easy.
Honestly for a company that prides itself in security it's really really easy to delete a repository. 2 Clicks and gone? There really should be an email confirmation of deletion so that 1. the owner of the repository knows it's about to be deleted and 2. if you hit it by mistake it's not just gone. 3. if a hacker somehow manages to use the api to delete the repository it's not gone until you email confirm it's deletion.