In light of the recent security issues with RubyGems, I think it would be a good idea to look at how Ruby itself is distributed. 

Currently the main place to download Ruby source distributions is http://ftp.ruby-lang.org/.

These downloads are run over cleartext HTTP and are unauthenticated.

SSL should be considered for this host so users downloading Ruby can have some assurance that the distribution has not been tampered with.

I think eventually SSL should be mandatory, although I'm not sure if this would break software like RVM.

Cheers,

Charlie