There have been serious security issues with the integration of pdf.js into Firefox in the past, so it may actually be more secure than Firefox's built-in PDF viewer.
If they're not able to make it silently download and execute remotely without me interacting or being aware, I feel they're not doing their jobs as black hats.
I try to use "copy" in an inflationary way, to remove the negative stigma associated with it.
Our entire floss community is based on forking an existing project, improving, and sometimes merging again, and the entire history of innovation has been based on this copy-transform-combine cycle, too.
It's not "coming out of Black Hat". It's coming from Alex Ionescu, via his GitHub account. You have an identifiable person with a known reputation here, not some unidentifiable person hiding behind a pseudonym.
The problems that you have are quite different ones:
* Knowing that https://github.com/ is the real GitHub. If this is a problem for you, then you have more serious and urgent problems than viewing a PDF document. (-:
You shouldn't be. The speakers are paid, the conference concentrates on professionals, and it would be extremely bad form for a presenter to hack participants. The people who run these conferences would take such a threat extremely seriously and you can bet law enforcement would be notified and very well informed.
To the point that I would trust a PDF from BlackHat _more_ than I would trust one from any other scientific or professional conference.
EDIT: See child comment, GitHub preview is fantastic! Slides have a ton of great info.