I haven't read this interpretation of the Arctic Vault project - presumably most users of GitHub are okay with their code being reproduced/backed up across many production servers for fault tolerance. Making an 'extra special' long-term backup in the Arctic Vault doesn't seem like a meaningfully different action to me - i.e. using a cloud-based host is essentially opting in to this kind of 'license violation'.

If they had taken one of their existing DB/disk backups and called it a vault, would that have been an issue?