Dear Madams, dear Sirs, quite all web-pages of "debian.org" (even the "forums") are available through secure-http (https, port 443), but your repositories on "debian.org" (especially "http://security.debian.org/" !!) are not! Why?? Beside vulnerabilities in "apt", it is not less important, that an established connection for (security-) updates is secure and non-readable by third parties.
It's a shame, that notably in countries like Germany and Austria(!), where spying by government and organisations is practised in such an enormous extent, Debian doesn't provide port 443 on their repository-, and security-update-servers... Best regards Zeiha (male)