
So.. you haven't heard of automated MITM executable-patching (infecting) solutions? I believe I read about them a couple of years ago.

Once implemented, it's much easier than hacking servers and more convenient to do targeted, semi-targeted, local network/cafe script-kiddie attacks, without it being easily detected. Unfortunately for attackers, these days people don't download and run unverified executables as often, especially over http, so you may need lots of patience if you want to infect a specific person.



I covered that in the portion of the comment where I mentioned http/tcp.


I would really love some data (or good reasoning) on how server attacks are overwhelmingly more likely, so much so that the false security impression increases risk.

MITM executable patching attacks are not theoretical. AFAIU, the first hit on "mitm executable infection" [1] and an interceptor (ARP/wifi/whatever) is all a script kiddie needs.

[1] https://n0where.net/mitm-pe-file-infector-peinjector


To me, the fact that the server being exploited to deliver bad binaries is a possibility is reason enough to be cautious, and to therefore not regard them with any more credibility than if they were delivered over unencrypted http.



