There's been significant work on a new Hackage server Real Soon Now. Matt worked on it for summer of code. Take a look at his blog: http://cogracenotes.wordpress.com/
There's been thought put into managing contributor logins in new and better ways, but not yet into verifying the authenticity of downloads.
Https support, on the other hand, is slated to be part of hackage 2, as I recall.
Signed tarballs sound potentially useful, but there just hasn't been work done to think about implementing them. Hackage is open source, and it would be helpful to either get contributions, or even just carefully thought through feature proposals.