It seems I forgot to forward this when it blew my mind the first time. If you still need a reason to not download binaries from http:// URLs, this is it:
The Case of the Modified Binaries
While SourceForge is another story, they are an example of a website offering binaries through plain http://, e.g. http://downloads.sourceforge.net/project/filezilla/FileZilla_Client/3.13.0/FileZilla_3.13.0_win32-setup.exe. Oh my.