Nothing groundbreaking here. This also applies to downloading anything over unencrypted connections. Also, checksums.
Not surprising, but ludicrous in 2014. I believe the author's point was “you guys should fix this since it is not so complicated, and nowadays we do expect even any stupid blog to be on https”.
It is clear how someone doing a MITM on the dev team in a big company can, by cascade, affect a lot of users.