A privileged observer would easily know alot of system detail by inspecting my communication with the debian apt servers.

For example a large scale automatic penetration system would be able to automatically detect vunerable systems while they are downloading the required updates, and attack them before the update has been installed.

Debian implements checksums and gpg signatures in order to verify file content sent in the clear, see https://wiki.debian.org/SecureApt

The same seems to apply to Ubuntu.