HTTPS is only useful for protection against malicious third parties, as well as for a small boost to user privacy.
While you are obviously correct here, the third party scenario is a decent rationale to move to HTTPS. I do agree that the benefits wouldn't be massive, and that it could/should be treated as low-priority, but it's an improvement nonetheless.
Plus, you know I love to butter Google up.
I don't mean to speak out of line, but I tend to agree with Parsifal (or whatever the hell he calls himself now), if it's just downloads, what are you going to gain by encrypting the link? Do you have to be a member to download? In other words, is there any session data, or logins? If the answer is no, what's the point in https? I guess if the downloads themselves are questionable in nature, perhaps you'd want to encrypt it, but otherwise, it's like an open-door museum. No privileged information would be captured by a third party because it isn't being transferred.
Edit:
That said, https always looks better. Especially when the end-user (non-techy) is being taught https means your safe. But that involves having to request a new cert (probably costs you some money), then you have to install it. Not a huge deal, but you'd probably want to install the new cert on all your hosts, so it's just a pain when you have other shit you have to do... like backups, and updates.... and morons who ask for stupid shit.... <- ok that's just some tech-support-rage coming out, but I'm cool....