In the case of compromised code, the attacker has already loaded what he wants, so loading extra code from raw.githubusercontent.com is not the issue, or our threat model. We are already compromised!
replyThe issue is that code then extracting secrets and data from your organisation, ie. data exfil.
raw.githubusercontent.com can not be used to submit data to, it's read only, but github.com obviously can.
Note, if you really needed github.com access in your application or environment, then you need to use SSL interception (using squid or a firewall) and allow certain URLs and methods ie. GET requests only from your organisations path, to make it safe.