please provide md5 or shaXXX hash sums for the downloads, so that at least some degree of verification of the downloads is available.
these tools are loaded before any operating system. installing unverified software at this OS loading stage make any other security measures senseless.
think of man in the middle attacks, giving you a bootloader with a keylogger installed.