Comment 33 for bug 1767402

Gianfranco Costamagna (costamagnagianfranco) wrote :

>But then the hashsum check does not provide significantly more security
>than just downloading the file via https.

Hadmut, https doesn't mean the connection is secure, because we can't generally trust the server PKI, and that link used to be http only until some months ago. A double check of the hash doesn't hurt.
I might consider removing it if I feel comfortable, but right now with all the sslstrip and ettercap plugins around, this might make security worse.