The download links are not a part of KaOSx website, and therefore have nothing to do with this website. You have to contact the owners of the mirror if you want them to implement that.
Also, it's not really a security issue. It's just a ISO file you download, nothing else. It has absolutely nothing to do with the installation itself. Fake ISO's is not prevented using SSL, Hypertext Transfer Protocol Secure is just a protocol to encrypt data sent from server to client, it doesn't verify the content itself. That's what's the SHA256SUM is for.
The entire Linux community if user driven, it's up the the user itself to verify that the source used is legit.