
Why, the only thing I see on the page that could be compromised is the mailto: link.


Compromising a page doesn't necessarily have to alter existing content. It would be easy to add a "Download Preview Build" link pointing to a trojan, add links to a fake Kickstarter, etc.


That sounds like altering existing content by adding new content btw.


Yes, a MITM can do that.


And could still do the exact same thing if they had TLS: get the page, add crap, and serve the result (albeit without TLS).


You know, I've never really realized that before. It's actually a pretty huge security hole for average users, no? There should be a way to explicitly forbid non-encrypted connections on a DNS level.


That's roughly the purpose of HSTS, but you need to have visited the site at least once first (or in the case of popular sites, HSTS status of a site is shipped with the browser.)
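
The behaviour described in the comment above, as an added example that is not part of the thread: a simplified model of a browser's HSTS store, showing that the first plain-HTTP visit is not upgraded unless the host is preloaded. `HstsStore`, the `.test` hostnames and the timestamps are constructed for illustration, and preload matching is reduced to exact hostnames.

```javascript
// Simplified model of a browser's HSTS store (RFC 6797); all names and hosts are constructed.
class HstsStore {
  constructor(preloaded = []) {
    this.preloaded = new Set(preloaded); // hosts shipped with the browser (exact match here)
    this.dynamic = new Map();            // host -> { expires, includeSubDomains }
  }
  // Record a Strict-Transport-Security header; it only counts when received over HTTPS.
  noteResponse(url, header, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || !header) return false;
    let maxAge = NaN, includeSubDomains = false;
    for (const part of header.split(';')) {
      const [name, value = ''] = part.trim().split('=');
      if (name.toLowerCase() === 'max-age') maxAge = parseInt(value.replace(/"/g, ''), 10);
      if (name.toLowerCase() === 'includesubdomains') includeSubDomains = true;
    }
    if (Number.isNaN(maxAge) || maxAge < 0) return false; // max-age is mandatory
    if (maxAge === 0) this.dynamic.delete(u.hostname);    // max-age=0 removes the entry
    else this.dynamic.set(u.hostname, { expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }
  isKnown(host, now) {
    if (this.preloaded.has(host)) return true;
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const e = this.dynamic.get(labels.slice(i).join('.'));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true; // parent needs includeSubDomains
    }
    return false;
  }
  // URL the browser actually requests for a navigation at time `now` (ms).
  resolve(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}

function demo() {
  const s = new HstsStore(['preloaded.test']), YEAR = 31536000;
  const firstVisit = s.resolve('http://site.test/', 0); // no entry yet, so no upgrade
  const overHttp = s.noteResponse('http://site.test/', `max-age=${YEAR}`, 0);
  s.noteResponse('https://site.test/', `max-age=${YEAR}; includeSubDomains`, 0);
  return { firstVisit, overHttp,
    later: s.resolve('http://site.test/download', 1000),
    subdomain: s.resolve('http://dl.site.test/', 1000),
    expired: s.resolve('http://site.test/', YEAR * 1000 + 1),
    preloaded: s.resolve('http://preloaded.test/', 0) };
}
```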


People who are encountering this for the first time might want to look at

http://www.thoughtcrime.org/software/sslstrip/

for some of the motivation!


A technical user could reasonably be expected to look for https before downloading 'preview build' or something equally payload-ey.

Then sigh and download PuTTY anyway...


It's information leakage at its finest.


HTTPS still leaks the domain name, so that wouldn't help too much. (Unless you meant some other information?)



