Remove ability to download index.xml, only allow index.jar
Although the server will need to continue publishing index.xml files for old clients that don't support index.jar (and haven't/won't be updated), there is no need for the client to support downloading index.xml files.
One possible reason I see is to make development easier (e.g. I have an HTTP server on localhost, where I can manually edit the index.xml file with a text editor). So if this is still desired, perhaps the option to update from .xml files can be moved to "Expert options" in the preferences screen, and turned off by default.
The way it currently works is to download the index.xml file the first time it accesses a repo (which doesn't have a fingerprint specified). This xml file contains a public key which is used to verify the .jar which is downloaded is signed by the right person. However I guess this doesn't really matter very much, because if somebody has taken control of the server which serves the index.jar files, they have probably also served up a customized index.xml with a dodgy key.
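
The first-contact decision described above, modelled as an added example that is not part of the original issue or the client's code: it compares taking the key from index.xml with checking a fingerprint supplied out of band. Assumptions: the key sits hex-encoded in a `<repo pubkey="...">` attribute, the fingerprint is the SHA-256 of the signing certificate, and all function names and byte strings are hypothetical; `jar_signer` stands in for the certificate recovered from the jar signature.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

def fingerprint(cert: bytes) -> str:
    """SHA-256 of the signing certificate as lowercase hex (assumed format)."""
    return hashlib.sha256(cert).hexdigest()

def key_from_index_xml(index_xml: str) -> bytes:
    """Extract the hex-encoded key from <repo pubkey="..."> (assumed layout)."""
    repo = ET.fromstring(index_xml).find("repo")
    if repo is None or not repo.get("pubkey"):
        raise ValueError("index.xml carries no public key")
    return bytes.fromhex(repo.get("pubkey"))

def accept_repo(index_xml: str, jar_signer: bytes,
                pinned_fp: Optional[str] = None) -> bool:
    """Decide whether index.jar is trusted on first contact with a repo."""
    if pinned_fp is not None:
        # Fingerprint supplied out of band: the server cannot choose the key,
        # and index.xml is not consulted at all.
        return hmac.compare_digest(fingerprint(jar_signer), pinned_fp.lower())
    # No fingerprint: the key arrives from the same server as the jar.
    return hmac.compare_digest(key_from_index_xml(index_xml), jar_signer)

def make_index_xml(cert: bytes) -> str:
    """Build a minimal constructed index.xml carrying the given key."""
    return f'<fdroid><repo name="demo" pubkey="{cert.hex()}"/></fdroid>'

# Constructed sample data: stand-in byte strings, not real certificates.
OWNER_CERT = b"constructed-cert-of-repo-owner"
OTHER_CERT = b"constructed-cert-of-someone-else"
OWNER_FP = fingerprint(OWNER_CERT)

def scenarios() -> dict:
    honest = (make_index_xml(OWNER_CERT), OWNER_CERT)
    replaced = (make_index_xml(OTHER_CERT), OTHER_CERT)  # both files swapped
    return {
        "honest, no fingerprint": accept_repo(*honest),
        "replaced, no fingerprint": accept_repo(*replaced),
        "honest, pinned": accept_repo(*honest, pinned_fp=OWNER_FP),
        "replaced, pinned": accept_repo(*replaced, pinned_fp=OWNER_FP),
    }

if __name__ == "__main__":
    for name, trusted in scenarios().items():
        print(f"{name}: {'accepted' if trusted else 'rejected'}")
```

Only the pinned path rejects the case where both files are replaced, and that path never reads index.xml.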