Matt Odell has the most salient take I've seen yet:

we are lucky the http://bitcoin.org hacker did an obvious giveaway scam rather than silently replace bitcoin core downloads with malicious versions.

a good reminder of why it is important to verify your software using PGP
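
What that verification involves, as an added example that is not part of the quoted post or of Bitcoin Core's own tooling: check the signature on the checksum manifest against a keyring you built yourself, then check the download against the manifest. The file names, keyring path and function names are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: verify a download in two steps.
# File names and keyring path are assumptions, not values from the post.

# Step 1: the checksum manifest must carry a valid signature from a key in a
# keyring you assembled from fingerprints obtained somewhere other than the
# download site. gpgv accepts only keys present in the keyring it is given.
verify_manifest_signature() {   # args: KEYRING SIGNATURE MANIFEST
    gpgv --keyring "$1" "$2" "$3"
}

# Step 2: the file's SHA-256 must equal the manifest entry for its name.
# Returns 0 on match, 1 on mismatch, 2 if the manifest has no such entry.
check_manifest_entry() {        # args: MANIFEST FILE
    name=$(basename "$2")
    expected=$(awk -v n="$name" \
        '$2 == n || $2 == ("*" n) { print $1; exit }' "$1")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Both steps together: a bad signature stops before any hash is trusted.
verify_release() {              # args: KEYRING SIGNATURE MANIFEST FILE
    verify_manifest_signature "$1" "$2" "$3" || return 1
    check_manifest_entry "$3" "$4"
}

# Offline demo of step 2 on constructed data: a stand-in release file and its
# manifest, then the file silently replaced after the manifest was produced.
demo_tamper_detection() {
    d=$(mktemp -d) || return 1
    printf 'genuine build\n' > "$d/example-release.tar.gz"
    (cd "$d" && sha256sum example-release.tar.gz > SHA256SUMS)
    check_manifest_entry "$d/SHA256SUMS" "$d/example-release.tar.gz" \
        && before=0 || before=$?
    printf 'backdoored build\n' > "$d/example-release.tar.gz"
    check_manifest_entry "$d/SHA256SUMS" "$d/example-release.tar.gz" \
        && after=0 || after=$?
    rm -rf "$d"
    echo "genuine=$before tampered=$after"
}

demo_tamper_detection
```

A matching checksum alone proves nothing if the manifest came from the same compromised site as the download. The signature check in step 1, against keys obtained elsewhere, is the part a site compromise cannot forge.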