Old 05-04-2015, 09:40 AM   #1
Lop3
Member
 
Registered: Aug 2013
Posts: 48

Rep: Reputation: Disabled
Raspbian Insecure for many users - They botched APT and Bittorrent security


TL;DR
Because of some serious mistakes, Raspbian security has been unnecessarily compromised for many users. However, people who know what they're doing can still use Raspbian with some peace of mind, if they trust the Raspberry Pi repositories after this.
1. Make sure you check the hash sum of your RaspberryPi distro downloads that you obtain from the HTTPS raspberrypi website.
2. Don't add any APT keys obtained from HTTP sources.
3. Decide if you trust that Raspberry Pi will/have taken simple, but necessary security precautions, given the exposure of their untrustworthy or incompetent security practices of distributing APT GPG keys insecurely.

The issue was raised on their forum
Instead of facing the issue, a moderator swept the issue under the rug by putting it in the bottom forum, "off topic" and locked the thread, so it's going to fall away into oblivion.

Resolution
Will Raspberry Pi address these simple to fix, but severe security shortcomings? Will they respond?
Perhaps someone would like to contact the Raspberry Pi foundation for comment?

In case they delete the thread entirely, it's available at archive.org as well.

Last edited by Lop3; 05-04-2015 at 09:57 AM.
 
Old 05-04-2015, 12:39 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
You're talking about their method of distribution, not the Linux distribution, so your "Raspberry Pi is a fundamentally insecure operating system" statement seems rather sensationalist to me. Still, it is good you reported to them that they should step up security.
 
Old 05-05-2015, 02:06 AM   #3
Lop3
Member
 
Registered: Aug 2013
Posts: 48

Original Poster
Rep: Reputation: Disabled
unSpawn: Many people acquire and update their OS via insecure methods, after that their OS is insecure.
Raspberry Pi infrastructure currently supports MITM attacks.
If RaspberryPi implements my simple suggestions, such attacks would be greatly reduced.

If the RaspberryPi repositories prevent users from downloading their GPG key from HTTP (and display a warning instead), then people can't post suggestions like
wget http://raspberry-foo -O - | apt-key add -
Because people will reply saying it doesn't work.

If someone is being subjected to a MITM attack, they will of course find that their request for a GPG key via HTTP succeeds (because their request will never even reach the RbPi server). But in general, the widespread effectiveness of such an attack is reduced.

---

Easy method to perform MITM attack on any Raspberry Pi user who is not a security expert:

1. Perform an MITM attack whenever your victim(s) try to do an apt-get update or apt-get upgrade. They will get errors saying hash sum failed, etc.
(this happened to me)
2. They will google something like "raspberry pi hash sum failed"
3. They will click on the first google search result: https://www.raspberrypi.org/forums/v...p?f=28&t=65062 (up to 2780 people owned)
4. Someone on the RaspberryPi forum (conveniently with 1 post), helpfully tells your victim(s) to update your GPG key using an insecure HTTP request.
5. They update their GPG key via HTTP and you of course MITM attack the HTTP request, and give them your fake GPG key.
6. They "successfully" update and upgrade

You own their Raspberry Pi.


===

Now that Raspberry Pi's infrastructure makes the attack so easy, and the bad advice is already in various places on the internet, the attacker's job has only 2 steps:
1. MITM the user's apt-get update and apt-get upgrade requests
2. MITM attack the GPG key request

===

Further MITM attack options on Raspberry Pi users
1. MITM attack the torrent files that are downloaded from raspberrypi.org via HTTP
2. MITM attack the zip files that are downloaded from raspberrypi.org via HTTP

(most users won't perform a hash sum check on the zip file, if it unzips, they will probably regard it as a success)
Other options would be to include a hash sum text file with the fake torrent, so they don't bother getting the hash from the HTTPS website.
Or for the zip HTTP download, nesting the compromised distro inside a zip file with a hash sum text file next to it.

===

More examples:
Raspberry Pi forum - error on update - wolfram key up to 1505 people owned
StackOverflow: apt-get-fails-with-raspberry-pi-although-ping-works up to 1956 people owned

====

Debian-Pi_Raspbian-ua-netinst GitHub Issue 64: Fix insecure downloading of raspberrypi.org signing key

Last edited by Lop3; 05-05-2015 at 02:56 AM.
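
As an added example (not part of the posts in this thread and not Raspberry Pi's own tooling): a shell check that flags the pattern discussed above, an APT signing key fetched over plain HTTP, in a provisioning script, shell history or pasted advice. The hostnames, regular expressions and function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commands that fetch an APT signing key over plain HTTP.
# Input is any text on stdin (provisioning script, shell history, pasted advice).

# Assumed patterns (constructed for this example):
#  1. wget/curl of an http:// URL piped straight into "apt-key add"
PIPE_TO_APTKEY='(wget|curl)[^|]*http://[^|]*\|[[:space:]]*(sudo[[:space:]]+)?apt-key[[:space:]]+add'
#  2. wget/curl of an http:// URL whose file name looks like a key
HTTP_KEY_FILE='(wget|curl)[^|]*http://[^[:space:]|]*\.(key|gpg|asc)([[:space:]]|$)'

# Print "lineno:command" for every finding; commented-out lines are ignored.
# Always returns 0 so it is safe to call under "set -e".
find_insecure_key_fetches() {
    grep -niE -e "$PIPE_TO_APTKEY" -e "$HTTP_KEY_FILE" |
        grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Print only the number of findings.
count_insecure_key_fetches() {
    find_insecure_key_fetches | wc -l | tr -d ' '
}

# Constructed sample input; the .invalid hosts do not exist.
sample_lines() {
    cat <<'EOF'
sudo apt-get update
wget http://archive.example.invalid/raspbian.public.key -O - | sudo apt-key add -
# wget http://archive.example.invalid/old.key -O - | apt-key add -
wget https://archive.example.invalid/raspbian.public.key -O key.asc
curl -s HTTP://mirror.example.invalid/repo.gpg -o repo.gpg
curl -fsSL https://mirror.example.invalid/repo.gpg | sudo apt-key add -
EOF
}

# Stand-alone run: list the findings in the sample (lines 2 and 5).
sample_lines | find_insecure_key_fetches
```

A clean result only means no plain-HTTP key fetch was spotted by these two patterns; a key obtained over HTTPS still needs its fingerprint compared against one published through a channel you trust.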
 
Old 05-05-2015, 06:56 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by Lop3
unSpawn: Many people acquire and update their OS via insecure methods, after that their OS is insecure.
If a Linux distribution facilitates validating packages via GPG keys then those keys should be loaded in the network of global GPG servers. If any adversary is going to compromise them all then we've got way more important problems. So even if anyone loads packages over non-encrypted conns then if they retrieve the proper key they will still be able to validate their installation, right? Ergo you're still talking about method of distribution and not the Linux distribution itself, right?


Quote:
Originally Posted by Lop3
Debian-Pi_Raspbian-ua-netinst GitHub Issue 64: Fix insecure downloading of raspberrypi.org signing key
That issue was fixed in Raspbian netinstaller v1.0.7.
 
  

