There is the situation where --no-check-cert is implicitly set (.wgetrc,
/etc/wgetrc, alias) and the user isn't aware of it. Just downloading without a
warning opens a huge security hole because you can't verify where you
downloaded it from (DNS attacks, MITM).
I leave it to your imagination what could happen to people in unsafe
countries... this warning could save lives.
For an expert like Karl, this is just annoying.
The warning text could be worked on, making clear that you are really leaving
secure ground, that cert checking has been explicitly turned off and how to
turn it on again. And only proceed if you really, really are aware of what you
are doing.
Of course all this applies to HTTP (plain text) as well. But someone
requesting HTTPS and then dropping the gained security should be warned by
default.
My thinking is a pessimistic approach, but as long as you can't be 100% sure
that bad things can't happen due to dropping the warning, we should leave it
(and improve it the best we can).
Tim
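
The implicit case described in this message (.wgetrc, /etc/wgetrc, an alias) can be checked for directly. The script below is an added example, not part of the message and not wget code; it reports whether a startup file or an alias turns certificate checking off. The function names are hypothetical, and it assumes the `check_certificate` wgetrc command, the boolean spellings on/off, yes/no and 1/0, and the `WGETRC` environment variable as the override for the user file.

```shell
#!/bin/sh
# Added example (not wget code): report whether wget certificate checking is
# switched off by a startup file or an alias rather than on the command line.

# Print "on" or "off" for the last active check_certificate line in a
# wgetrc-style file; print nothing if the file is unreadable or never sets it.
wgetrc_cert_setting() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*#/ { next }                    # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t_-]/, "", key)           # names ignore case, "_" and "-"
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key != "checkcertificate") next
            if (val == "off" || val == "no" || val == "0") state = "off"
            if (val == "on" || val == "yes" || val == "1") state = "on"
        }
        END { if (state != "") print state }
    ' "$1"
}

# Effective setting across startup files given in load order (later wins).
# With no arguments it reads /etc/wgetrc, then $WGETRC or ~/.wgetrc.
effective_cert_setting() {
    [ $# -gt 0 ] || set -- /etc/wgetrc "${WGETRC:-$HOME/.wgetrc}"
    result=on                                  # checking is on unless disabled
    for rc in "$@"; do
        s=$(wgetrc_cert_setting "$rc")
        if [ -n "$s" ]; then result=$s; fi
    done
    echo "$result"
}

# Return 0 if a command line or alias definition passes the flag
# (matches the short spelling used in the message and the full option).
cmdline_disables_cert_check() {
    case "$1" in
        *--no-check-cert*) return 0 ;;
    esac
    return 1
}

echo "startup files: certificate checking $(effective_cert_setting)"
```

Aliases exist only in the interactive shell, so pass the definition in from there, for example `cmdline_disables_cert_check "$(alias wget 2>/dev/null)"` after sourcing the file.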