>>4
Github employs user authentication and keeps the user authenticated with a cookie that is transmitted with every request. Without SSL the cookie would be traveling in plain text and could be intercepted and authentication could be faked.
The bottom line is that EVERY site that keeps the user authentication should be fully HTTPS. The only reason some don't is because the computational expense.