balenaEtcher v1.5.24 default permissions

After downloading and extracting the latest etcher .appimage, I found that it was executable ‘straight out of the box’.
The Appimage site itself still shows that you need to chmod to make it executable, and from my (admittedly very limited) view, this seems best practice from a security standpoint.
Is this correct or merely an oversight?

We want it to be executable so the users don’t have to chmod it. That’s why it is distributed as a zip file (to keep the +x flag).

Thanks zvin, it had me a little worried that i’d downloaded something that had been tampered with (as I expected the pkg to need the mode change).