A quick note from me: This policy is all about security concerns. The theme repo is “hosting code” that is pulled by many. Restricting the hosting to GitHub/GitLab and similar makes it a little easier to control that theme we add is also the user gets etc.