As reported here (https://vulnsec.com/2016/osx-apps-vulnerabilities/) many OSX apps using the sparkle framework are vulnerable to a MITM attack when performing a system update.
The transmission servers already support HTTPS, so I think that all this requires is editing the info.plist to use HTTPS instead of insecure HTTP
Hacker News discussion
https://news.ycombinator.com/item?id=10995802