I want to migrate my webapp from cloudfoundry to heroku. But there is still one thing i'm confused about.
Everytime you want to deploy your application to heroku, you've to push your source code to their git repository. How secure is this repository? What if i don't want to give my source code into someone others hands?
What's your opinion about that?
You aren't understanding how interpreted languages or hosting providers work. If you're using an interpreted language like Ruby, you need to have your source on the service platform. Even if your code is compressed, obfuscated, or byte-compiled, it has to be on the service platform to be served up, so this is going to be a problem for you with any language or hosting provider.
You're also not understanding the nature of byte code. A byte code interpreter can read your files. In addition, there are Java decompilers out there to turn byte code back into source code. A search Stack Overflow will show you posts discussing Java decompilers. Unless you think "security through obscurity" is useful, you should probably stop thinking of your byte code as secure in any meaningful way.
Git repositories on Herku are not public repositories like you'd find on GitHub. It's no less "safe" than transferring your files around by any other means, and certainly more secure than the usual FTP uploads on many service platforms.
Security is always a trade-off. It's definitely important, but unless you've defined a better threat model than general distrust, you won't be able develop adequate controls.