Sorry, can you explain why? If the checksum is provided (as part of the sh snippet) by the website with the SSL certificate, isn't that enough reassurance?
If the snippet and the download are on the same site, then whoever controls that site at the moment can provide an accurate checksum of whatever malware they want to host. A signature is an improvement because it can give you some confidence that the current controller is the same as the original controller.
