Maybe you should sticky this?
There's a stickied thread regarding verification in Begginers & Help. I'm not sure about making this one sticky as well. I guess putting in on temporarily wouldn't harm.
Potential drama or is this something really serious?
General rule: Better safe than sorry.
I am not sure why no one suggested this before, but maybe the best option is to forget about 0.13 ver and don't upgrade Bitcoin Core at all?
This isn't a solution of any sort. You're mitigating the upgrade process; there's nothing that prevents this from happening from the next major release.
to my knowledge since they are uploading the binaries on https://bitcoin.org unless their ssl keys are not compromised there is no way of messing with the uploaded files. right?
That's a common misconception. SSL is secure if all of the 'pre-conditions' are set (e.g. server key is not stolen). Look up the term "dSniff" - this was the first public implementation of MITM vs. SSL (IIRC).
for example, if the devs upload the file to Google Drive, wouldn't it be safer?
If we are talking about state-sponsored attacks, what makes you think that Google would be safer?