We don’t even have certainty that the human running the account is who they say they are (anyone can make a GitHub account and make it look like a real person).

Not everyone who wants to use a container system understands the underlying code of that container system. If I’m a web developer using Docker Desktop or podman to build my PHP app, I’m not necessarily going to understand the code written in Go when my specialty is PHP.