Hey. Why would it be best to use HTTPS?
TLS alone, with its broken CA ecosystem, doesn't give any real security... and the downloaded files have their hash sums already verified (which is the real thing that gives security and trust here) by the downloader. The only thing one gets is an additional dependency on CA certificates and problems like when certs would expire. Cheers, Chris-