Hold your horses... They post the firmware, encrypted, to an obfuscated URL so that CDNs can cache it. The encryption key and location of the firmware are distributed to each car over an OpenVPN SSL VPN from the mothership.
People with rooted cars can intercept this information and then tell other people about it.
This doesn’t sound terribly unreasonable. The only thing that’s missing is live image signing that enforces a whitelist of cars allowed to load that firmware.
Distributing 1GB of truly per-car-unique firmware to a quarter million cars around the world every 2-3 months would otherwise be quite a costly undertaking.
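
An added sketch, not part of the comment above and not any vendor's code, of how an allow-list can be enforced without per-car images: one shared image stays cacheable on the CDN, and a small signed ticket binds its digest to the cars allowed to load it. The function names, the ticket layout and the use of a VIN as the car identifier are assumptions, and HMAC stands in for a public-key signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in: with a real public-key signature
# the car would hold only a verification key, never the signing secret.
BACKEND_KEY = b"constructed-demo-key"


def _canonical(body) -> bytes:
    # Stable byte encoding so signer and verifier authenticate the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_ticket(image: bytes, version: str, allowed_vins: list) -> dict:
    """Backend side: bind one shared image digest to an allow-list of cars."""
    body = {
        "version": version,
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "allowed_vins": sorted(allowed_vins),
    }
    tag = hmac.new(BACKEND_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def car_accepts(ticket: dict, image: bytes, my_vin: str) -> bool:
    """Car side: load the image only if the ticket is authentic, matches the
    downloaded bytes, and names this car."""
    try:
        body = ticket["body"]
        expected = hmac.new(BACKEND_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, ticket["tag"]):
            return False  # ticket forged or edited after issuance
        digest = hashlib.sha256(image).hexdigest()
        if not hmac.compare_digest(body["image_sha256"], digest):
            return False  # ticket was issued for a different image
        return my_vin in body["allowed_vins"]
    except (KeyError, TypeError):
        return False  # malformed ticket: fail closed


if __name__ == "__main__":
    image = b"constructed firmware image bytes"  # constructed sample input
    ticket = issue_ticket(image, "demo-1", ["CONSTRUCTED-VIN-1", "CONSTRUCTED-VIN-2"])
    print(car_accepts(ticket, image, "CONSTRUCTED-VIN-1"))  # listed car
    print(car_accepts(ticket, image, "CONSTRUCTED-VIN-9"))  # unlisted car
```

The ticket is a few hundred bytes per release, so the bulk download stays identical for every car while the decision to load it is made per car.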