Thanks for the links, I did not know it was hosted on avast.com too (as the main avast page redirected me to another site without asking for my preference).
However, this does not really solve the issue. HTTP is not secure. I would have thought avast would provide a way to authenticate the downloaded file, whatever the download source, through a secure protocol (https, on the avast site). Maybe I'm wrong though.
I know it is unlikely that someone manages to distribute hacked versions of the anti-virus (for example through a "man in the middle" attack of the avast website?), but as far as I know it's possible. That would allow the attacker not only to install a malware on user computers (that could steal passwords etc.), but also to do so completely undetected since the false anti-virus would of course not report itself as a virus, and users would think they are protected. Or maybe I'm wrong and such an attack is not possible, in which case please tell me how.
EDIT: I just tried changing the protocol in the download links you sent me (https instead of http), and it works :-) So It's good for me. It's probably heavier for avast hosting to send the whole installer on an encrypted connection than just provide an MD5 or SHA1 key, but that's their problem... Thanks.