Right. But everything on github's public part is public. Zillions of people have copies of it. Microsoft cannot "steal" the intellectual property in it: it has been publicly posted! It is exactly as easy and as difficult to steal as if you had posted it to, say, kernel.org. It's like saying: "I left a bushel of apples out by the curb, with a sign 'free' on it, and Microsoft came and took one, which proves that they are evil."
Microsoft could make it vanish, either out of malice or out of incompetence (lose the data, or delete it deliberately). But that has no long-term effect, since zillions of people have copies of the git archive, and it can easily be restored. There is a tiny window during which the uploaded git repository is vulnerable, namely right after the author uploads it, and before anyone has downloaded it, if and only if the author immediately deleted their copy. That's not realistic.
There is actually another vulnerability: Microsoft could clandestinely modify the code in the repository. If they do it through git, then a change record will be left in the git log. But they could go around and clandestinely modify the source directly. In a nutshell, they could introduce a bug. Again, zillions of people have copies of the same archive, so if this happens, a search (by comparing copies of files) would quickly find it. Microsoft could do this thing exactly once, and then the whole world would hate them, so I don't think they will.
Look, once people post their code in public (whether on Microsoft's github or anywhere else), the "attack surface" becomes infinitely large against inspection, and vanishingly small against disruption. Now one could conclude from what you said above that you should never disclose your code to the public. Not a bad conclusion, but not for everyone.
Obviously, none of that applies to private (non-public) use of github. There you have to trust Microsoft. Which I personally don't very much either, just like you. But then, I don't upload my valuable source code to github, never have ... before they were owned by Microsoft, they were not particularly trustworthy either.