I think, that almost all smart contracts are published on GitHub, but that doesn't make them more trustful.
You probably know that the majority of the investors don't know how to read the code. Even if an ICO doesn't publish their smart contract, it would be better to read the white book of the ICO, to check their webpage (if there are any phone numbers to call, emails, address etc) and check the names of the team. Do they exist? Do they have a profile on Linkedin? Any followers?
If you search this forum, you'll find more information.
Does a good Github and a publicly written smart contract give you any assurance regarding the legitimacy of an ICO? How? Does a project look more legit by having it?