They use 1024bit DSA with SHA1, it is not cryptographically secure! Thus they would really benefit from HTTPS, it would provide another layer of protection against tampering.
Oh and we haven't even addressed that their "secure signing" doesn't also protect first installs that could be insecurely downloaded.
Most Debian mirrors support https. But HTTPS alone does not help you vs fresh connection if it is a rotating certificate like Lets Encrypt that has a dubious authentication chain.
Egypt or Turkey can issue valid fake certificates so you would have to check it if it's not one of those.
Oh and we haven't even addressed that their "secure signing" doesn't also protect first installs that could be insecurely downloaded.