by geek_at 900 days ago
It's just dangerous because any party on the way between wifi and the server can edit the content

See: why are free proxies free https://blog.haschek.at/2013/05/why-free-proxies-are-free-js...


In the same way as walking to the bank is dangerous because any party on the way can rob you on the way?

I regularly visit: www.bom.gov.au/<mystate>/forecasts/<mytown>.shtml

It either shows me the forecast or it doesn't.

To date it's always worked - if one day it doesn't I might have to look out of a window.

> In the same way as walking to the bank is dangerous because any party on the way can rob you on the way?

To make this analogy more fitting, you'd also need a big sign around your head "going to do some banking, carrying all necessary credentials, cannot tell legitimate bank from fake bank".

Still not a great analogy though.

> In the same way as walking to the bank is dangerous

It could be if anyone could make their shop look exactly like a real bank branch.

Imagine a major weather event is coming and a warning banner shows on the weather site telling you to stay off the roads. But some carelessly injected ad covers it, or the injected CSS makes it unreadable. You don't see it and suffer a crash.

Government communications should not be subjected to arbitrary modification by intermediaries. Ad injection on HTTP is (or at least was, when unencrypted HTTP was popular) common. It also raises the concern that the ad will appear to have government sponsorship, which invites scams and other malvertising.

A government agency should seek to communicate information with the public, especially safety information, via an untamperable communication channel.
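As an added illustration of the point above (not code from the thread or from any site it mentions), this small offline simulation passes an HTTP response through an in-path hop that prepends an overlay: with plain HTTP the client has nothing to verify and accepts the rewritten page, while an integrity tag keyed with a secret the hop does not hold (HMAC-SHA256 here, standing in for the TLS record MAC) lets the client reject it. All keys, headers and HTML are constructed for the demo.

```python
# Added example: why an unauthenticated HTTP response can be rewritten in
# transit without the client noticing, and how a keyed integrity check
# (HMAC standing in for what TLS provides) makes the rewrite detectable.
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # stands in for the TLS session secret

WARNING_HTML = (  # constructed page with a safety banner at the top
    "<html><body>"
    '<div id="warning">SEVERE WEATHER: stay off the roads</div>'
    "<p>Forecast: heavy rain</p></body></html>"
)

def build_response(body: str, protect: bool) -> bytes:
    """Build an HTTP/1.1 response; with protect=True add a demo integrity tag."""
    head = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    head += f"Content-Length: {len(body.encode())}\r\n"
    if protect:
        tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        head += f"X-Demo-Integrity: {tag}\r\n"  # hypothetical header, demo only
    return (head + "\r\n" + body).encode()

def in_path_hop(raw: bytes) -> bytes:
    """Model an intermediary that prepends a full-page overlay (the thread's scenario)."""
    head, body = raw.split(b"\r\n\r\n", 1)
    overlay = b'<div style="position:fixed;top:0;width:100%;height:100%">AD</div>'
    new_body = overlay + body
    # Keep the response well-formed by recomputing Content-Length.
    lines = [l for l in head.split(b"\r\n") if not l.lower().startswith(b"content-length:")]
    lines.append(b"Content-Length: " + str(len(new_body)).encode())
    return b"\r\n".join(lines) + b"\r\n\r\n" + new_body

def client_accepts(raw: bytes) -> bool:
    """Return True if a client would render this response without complaint."""
    head, body = raw.split(b"\r\n\r\n", 1)
    headers = dict(l.split(b": ", 1) for l in head.split(b"\r\n")[1:])
    if len(body) != int(headers[b"Content-Length"]):
        return False
    tag = headers.get(b"X-Demo-Integrity")
    if tag is None:  # plain HTTP: nothing to verify, so anything is accepted
        return True
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(tag, expected)

def demo(protect: bool) -> bool:
    """Does the client accept the page after the hop has rewritten it?"""
    return client_accepts(in_path_hop(build_response(WARNING_HTML, protect)))
```

`demo(False)` returns True (the covered warning is rendered as if genuine); `demo(True)` returns False (the tampered page is rejected).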

It's the BoM site, in Australia.

As a site it's considerably less authoritative than you seem to believe; people get weather warnings here in Australia from the TV, from the radio, from apps on their phones, from looking outside and seeing weather fronts rolling in.

Few people actually directly visit the BoM site; those that do are generally long-time users familiar with the site, using the usual array of adblockers and noscript, unlikely to fall for "Click here" injection attacks, and more likely to have a direct fibre | line connection to a major ISP to BoM with little chance for malicious injection in any case.

The risks are understood and doomsday scenarios have yet to occur after nearly 40-odd years online as a non-HTTPS site.