When a user verifies a GitHub account at /edit/elsewhere, the final result is a GitHub username tied to a Liberapay account. The issue is that GitHub usernames are mutable.
Consider the scenario.
This can enable impersonation.
I suspect the issue is caused in this function:
I haven't set up my own instance to see if GitHub is indeed going through the username path, but in practice I was able to set up 2 accounts as described, change the name of the attacker to something else, and then import a different account's repos as my own.
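
The difference between keying a verified account on the username and keying it on an immutable id, as an added example that is not part of the original report and is not Liberapay's code. `Identity`, `ElsewhereStore`, `compare_lookups` and all sample ids and logins are hypothetical; the one outside fact assumed is that the GitHub API returns a numeric `id` per user that does not change on rename.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    user_id: int  # GitHub's numeric account id; unchanged by a rename
    login: str    # username; mutable, and a released name may be reused


class ElsewhereStore:
    """Hypothetical store of verified GitHub identities (not Liberapay's schema)."""

    def __init__(self):
        self.by_login = {}  # weak key: username -> local account
        self.by_id = {}     # stable key: numeric id -> local account

    def link(self, local_account, ident):
        """Record a verified identity under both keys, for comparison."""
        self.by_login[ident.login.lower()] = local_account
        self.by_id[ident.user_id] = local_account

    def owner_by_login(self, ident):
        return self.by_login.get(ident.login.lower())

    def owner_by_id(self, ident):
        return self.by_id.get(ident.user_id)


def compare_lookups():
    """Return (by_login, by_id) results for the current holder of a reused login."""
    store = ElsewhereStore()
    # Constructed sample: id 1001 was verified as "octo-dev" at link time.
    store.link("lp_account_1", Identity(1001, "octo-dev"))
    # Later, id 1001 renamed itself and a different user (id 2002) holds "octo-dev".
    current_holder = Identity(2002, "octo-dev")
    return store.owner_by_login(current_holder), store.owner_by_id(current_holder)


if __name__ == "__main__":
    by_login, by_id = compare_lookups()
    print("username lookup:", by_login)
    print("id lookup:", by_id)
```

The username lookup still resolves the reused login to the account that linked it earlier, while the id lookup finds no link for the new holder.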