GitHub isn't really comparable, since their business model is to get you hooked on the free version for open-source projects so you'll convince your company to purchase the paid version. I don't think charging for service is something which is on the table right now (especially considering things like the Danish labour laws). :P
Alright, then look at BitBucket or any other GIT host out there. My point is that the groups that are spearheading the open source movement still provide space for private projects. They are an important part of the ecosystem.
It has a value, but implementing it properly also opens up a new can of worms of issues (like whether private add-ons should be reviewed or not, and what kind of privacy should be expected for them). It might be done, but it shouldn't be a focus right now.
I don't really see the can of worms. Private add-ons should not be reviewed because they are private, that means only the people who they say get access should have access. Security is mostly unimportant because of the small sample size, if you hide the add-on from the add-on browser people who may be on the list but don't know what it is won't find it without a link, at which point it'd be the same scenario as Dropbox or any other program. And it's also not really hard to implement private add-ons, I'm sure it could be written into your system in under an hour. If you were particularly worried about security, you could even have it run through your auto-checker and if it returns any serious threats (like evals) you could pop up a message that says something along the lines of "Private add-ons that make use of
Eval/whatever must be reviewed by staff for security reasons. Do you want to submit this add-on for review?" with a yes/no button that'll either send it to be reviewed or remove it from the system.