I would be willing to host a mirror of the executable and I'm sure others would in a similar fashion. The big issue is making sure that all the hosts are trustworthy enough not to compile a trojan version and upload that. One solution is to post the SHA-1 checksum of the legit exe onto the official site, but many people would likely ignore it.