The download server whonix.de is only using http for downloads. It would be more secure (even if it is a little) to have HTTPS for download links.
The mirror whonix.thecthulhu .com has HTTPS enabled. Is it safe to assume if I download whonix and verify it regardless of where it is downloaded from, it is the proper version of whonix without any malware intended?