I have discovered someone tried to break into my GitHub account (you can check yourself by going to https://github.com/settings/security-log and looking for "failed to login" attempts for potentially odd geographical locations for yourself). CPython probably would have been the biggest target for them had they gotten in (my work stuff is all open source and it would have required breaking into another account). But GitHub has a completely unique password and MFA turned on, so they were unsuccessful.
Please make sure you have a unique password for your GitHub account and that you have 2FA/MFA turned on (I honestly think we should start requiring this; I'm sure we can get money for folks to get security keys). Other languages like PHP have been successfully hacked (https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-aft...), so this isn't a hypothetical anymore that we would be targets for folks who want to install a backdoor into one of the world's most popular programming languages, one that is now mission-critical for a lot of massive corporations and governments.