[dale_huevo]

If you think HTTPS is performing code validation I have news for you.

HTTPS only guarantees the packets containing the unverified malicious code are not tampered with from the server to you. A server which could very well be compromised and alternate code put in its place.

You are drawing an egregious apples-to-oranges comparison here. Please re-read what you said.

You could serve digitally signed code over plain HTTP and it would be more secure than your example over HTTPS. Unfortunately there are a lot of HTTPS old wives' tales that many misinformed developers believe in.