The installation procedure for bioconductor may be vulnerable to man-in-the-middle attacks, because it is calling `source()` on an HTTP URL. I am not a security expert but it seems like HTTPS should be used instead, or perhaps some kind of signing of the code, and/or verifying using checksums? If the current procedure is actually secure, please explain why we should not be worried. Maybe there is something about the `source()` function that prevents these attacks, but I did not find it in the documentation. I have asked this question on Stack Overflow as well.