the one flow I can think of where it might break is if you lose your connection mid-delivery of the file, although I have not tested this. Could execute half a script.
But yes I agree, if you don't trust TLS, we might as well just deem https in general insecure.