Bosse Arndt FYI the workaround is to "just ignore it" :-/
These form-validation errors (should) have no functional impact on how the plugin works once configured - they only affect the cosmetic appearance of the configuration UI. As long as you enter in the correct configuration information, you can ignore the error. All that's missing is the dynamic form validation functionality - the rest of the plugin should work just fine.
If you need the assistance that the form-validation code provides then you could downgrade the plugin, work out what configuration you need, and then upgrade again. You could even install Jenkins in a VM with an earlier version of the plugin purely to experiment with configuration options before putting in the "known correct" values into your main Jenkins server(s), which would allow you to keep the insecure versions out of your main Jenkins server(s).
TL;DR: It's ugly as hell (and should've been fixed as part of the security changes that caused it), but it's not serious.
edit#2 The changes are now merged, so you could download the bleeding-edge plugin built by the Jenkins CI build https://ci.jenkins.io/job/Plugins/job/github-branch-source-plugin/job/master/lastSuccessfulBuild/artifact/target/ by downloading the .hpi file and then using the "advanced" section of the Jenkins plugin page to upload that. That should keep you going until the next version is officially released.