In training on publicly accessible repositories, GitHub did something anybody could have done. If they also used private repositories, though, I would see that as abusing their position.
Additionally, if they had trained on private repositories then they risk leaking code, and accidentally making it public. Even if that was within fair use it would still be a violation of the trust people put in them.