@Sage, I 100% agree the wallet should be signed, but in the mean time, really, don't let that stop you.
As it stands today, the kind of attack you're worried about is EXTREMELY rare, as all the parties capable of executing it would risk a very likely chance of being detected (something they're not in the business of being).
That sort of stuff is usually precise and targeted.
If you download the wallet from a few different locations and come up with the exact same checksum, chances are extremely, extremely unlikely that your session got hijacked by someone with the ability to inject a valid TLS certificate just for you.
Remember "they" can't see which download you're requesting from GitHub, as it's TLS-secured, so "they"'d have to MiTM *ALL* of the connections to github.com (obviously not going to happen as by then it's pretty much guaranteed the attack will be detected).
If *you* get targeted, then simply put, there is no way that if you do this from 3 different locations that it can be correlated and traced back to you.
If you worry at that level, then you ought to worry that whoever put the binaries on GitHub has been compromised without their knowledge, and the public software available for download is actually trojaned -- this is FAR more likely than your connection being mitm'd 3 times, yielding the same trojaned binary all 3 times, from 3 different locations, indicating that there's actually a country-wide attack against github.com going on (remember, without access to the private key for the TLS certificate for github.com, network observers can't actually tell what you're doing over github.com)
You could also try compiling the software yourself, at least on certain distros of Linux it's not a big thing, if you can follow (simple) technical instructions.
If you're so worried about this stuff, then I hope you have a great plan for storing your wallet seed and how to securely have a thousands-of-characters random password in place!