I have another proposition:
There should be a site, like
https://www.bitcoin.org/signatures where there are SHA1/MD5/SHA256 signatures of every file that is avaiable for download on bitcoin.org.
This way, there will be a 100% cracker-resistant way to know that one is downloading unmodified/unhacked files.
For now, the only way to know we have a "clean" bitcoin is to download the source, pull changes from github and review them yourself, which is probably not very good for starters/noobs.
After all,
latest events concerning Facebook & Tunisia government, show that it's not very hard to imagine governments or ISPs modifying bitcoin binaries to place trojan horses in them.
What do you think ? This shouldn't be verry hard to do - i mean how hard it is to setup a single static HTML page on HTTPS ?