All the connections to the update server are still done in HTTP.
It should be updated to HTTPS.
Proof:
This is a security risk and should be solved ASAP. Thanks