Well, it is not the software's use non-cryptographic code for cryptographic applications.
I'm referring to use cases specifically like SparkleShare, By the way. Git-based Dropbox-like file synchronization tool.
It's arguably a major Bug in Git if the Git software keeps track of an object Solely by Hash, and lazily assumes that the Hash
uniquely identifies a specific version of the file, And that assumption turns out to be false, and data corruption or tampering can be caused as a result.
HOWEVER....... Arguably Git does not carry a promise that the software is Durable and Safe outside of its intended use cases. Sometimes it is valid for software to carry disclaimers, such as: Please check that your object is not malicious before checking it in.
That actually begins to become unreasonable, when Git is being used by a larger and larger development teams, however..... the chance that someone wants to try something funny greatly increases at some point, and the chance of a mistake occurring increases with larger volumes of source code being managed and updated and committed in on a daily basis.