Download link is vulnerable to MitM attack
I was just looking at http://minecraft.net/download, and thinking about how I could trust the executable I download. The page links to https://s3.amazonaws.com/Minecraft.Download/launcher/Minecraft.jar.
The page http://minecraft.net/download is HTTP, so a MitM attacker who can modify the page could have full control of that page.
The page links to https://s3.amazonaws.com/Minecraft.Download/launcher/Minecraft.jar, which is HTTPS - but that does not really make it secure to download and run. How can I be sure that the root bucket "Minecraft.Download" is really owned by Minecraft? I could create an account with Amazon right now with a plausibly named bucket and a malicious binary. Unlike DNS, companies are not expected to register all plausible-sounding domain names. If the page http://minecraft.net/download which linked to the binary had been HTTPS, then linking to a non-obviously-Minecraft-owned Amazon URL would have been OK.
Ignoring the Amazon AWS link, and hypothetically assuming that the link had been to the Mojang-controlled https://www.minecraft.com/Minecraft.jar: how do I determine where the link really leads? When I hover over the link, Chrome shows an overlay in the bottom left corner saying "https://www.minecraft.com/Minecraft.jar" - but that is shown inside the HTML-controlled browser window, so a malicious page could fake it. View Source shows the page before onload JavaScript could have modified it, so that doesn't work. Using a browser inspector such as Firebug to inspect the link could work, but I am guessing that a global onclick handler could catch the click and change the href target - it doesn't seem very safe.
Right-clicking the link, choosing "Copy Link Location", pasting it into a new browser tab's address bar (now that JavaScript is disabled), inspecting the address, and then pressing ENTER should be safe.
But it would be much simpler if the original http://minecraft.net/download page had just been HTTPS, so I could just click the link.
2013-07-14, 08:47 PM
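One way to turn the checks in this post into a script, as an added example that is not part of the original post: it parses a page's anchors and flags download links where the linking page is plain HTTP, the download itself is not HTTPS, the host is outside a trusted set, or page script could rewrite the href on click. The sample HTML and the TRUSTED_HOSTS set are constructed assumptions, not the real minecraft.net page.

```python
# Audit download links on a page for the weaknesses discussed in the post.
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin

TRUSTED_HOSTS = {"minecraft.net", "www.minecraft.net"}  # assumption for illustration
DOWNLOAD_EXTS = (".jar", ".exe", ".msi", ".dmg")


class LinkCollector(HTMLParser):
    """Collect anchor hrefs and note whether the page carries any script."""

    def __init__(self):
        super().__init__()
        self.links = []          # (href, anchor has an onclick attribute)
        self.has_script = False  # any <script> can rewrite hrefs at runtime

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.has_script = True
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], "onclick" in a))


def audit_download_page(page_url, html):
    """Return one finding (href + list of issues) per download link."""
    p = LinkCollector()
    p.feed(html)
    page_scheme = urlparse(page_url).scheme
    findings = []
    for href, onclick in p.links:
        target = urlparse(urljoin(page_url, href))
        if not target.path.lower().endswith(DOWNLOAD_EXTS):
            continue
        issues = []
        if page_scheme != "https":        # network attacker can rewrite the link
            issues.append("linking page is not HTTPS")
        if target.scheme != "https":      # binary itself can be replaced in transit
            issues.append("download is not HTTPS")
        # HTTPS only proves the host named in the URL, not who owns that host
        # (e.g. an arbitrary S3 bucket), so check the host against a trusted set.
        if target.hostname not in TRUSTED_HOSTS:
            issues.append("host not in trusted set: %s" % target.hostname)
        if onclick or p.has_script:
            issues.append("page script could change href on click")
        findings.append({"href": target.geturl(), "issues": issues})
    return findings


# Constructed stand-in for the download page, not the real minecraft.net HTML.
SAMPLE_HTML = """<html><body><script>/* constructed */</script>
<a href="https://s3.amazonaws.com/Minecraft.Download/launcher/Minecraft.jar"
   onclick="return true">Download</a> <a href="/about">About</a></body></html>"""

if __name__ == "__main__":
    for f in audit_download_page("http://minecraft.net/download", SAMPLE_HTML):
        print(f["href"], "->", "; ".join(f["issues"]))
```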