Not sure why this is considered FUD. The thing about any DVCS is that once it is in the repo it stays in the repo.
That's true for non-DVCS too. If it's out, it's out. Doesn't matter if you distributed tarballs or Visual SourceSafe. If it's out, it out.
You have to be very careful about what is put out there in public. Given that this is git, though, I am not sure why the company does not use two repos. A private one for internal development, and a public one which has the merges from the private repo once a point in the graph clears any potential legal issues. This feature is one of the great strengths about git and github.
Well, it's going to have a social impact. There won't be much collaboration when all the company does publicly is basically code dumps.