In a world where your ISP and government are not out for your best interest, you cannot be careful enough.
Why are the default sources for Kali insecure? (http)
Why isn't apt-transport-https installed by default?
Why aren't the Kali repo's certificates correctly configured?
This is very dangerous and irresponsible on your end, with millions of users trusting your software to be >>> safe <<<.
Source (research danger of insecure sources): https://isis.poly.edu/~jcappos/paper...ror_ccs_08.pdf
Unless...?
Please enlighten me.