It’s not just about confidentiality (though that’s a nice benefit - see previous update pinning example!), it’s also about the integrity of the data that comes through the pipe (i.e. you get what you requested).
Sure, one could presumably check hashes from a secure site. Do they? I wonder what the ratio of binary downloads to hash downloads is for those who provide both.
Why not help provide both confidentiality and integrity by default while requiring no extra steps of your consumers, instead of hoping they won’t run a binary from non-secure HTTP without taking steps to ensure it’s genuine? It’s easy enough, costs nothing other than time, and is quite cheap computationally.