Why would you be willing to download a PDF via HTTPS but not HTTP? If PDF's can be dangerous, then they can be dangerous regardless of which server they are downloaded from. Am I missing something?