Keys are generated locally so there is no need for SSL. It's true someone could theoretically make man-in-middle attack, but SSL wouldn't help, because man-in-middle could easily bypass it.
If you are paranoid, download Git repo and run it locally.