Not a very good show here...
First of all you'll have to forgive me for being a little sceptic when there's originally only one party, Avast in this case, which warns about the whole thing. To be honest I don't really trust most of those "virus vendors" and Avast is one of them.
Even so, you'll have to admit that the FileZilla project themselves makes it way too easy for such a thing to happen. After all, just look at the Official download page. It only features a link to get the program without even bothering to mention something as checksums.
Only if you go to the additional download options do you get a link to the checksums, next to links to all the available platforms.
But shouldn't that link have been featured right on the main download page as well? I don't care that people "are always able to download them"; what if people simply forget and by looking at the link suddenly recall: "Oh yeah, should get the checksum too..."?
There's more to security to provide the means to double check; there's also something as making it as easy as possible for the end users. And that's a bit lacking in this case.