Well, I think you might be misunderstanding this a bit. What happens is that you download a compressed application and that is signed by Apple to prevent tampering, I assume to prevent XcodeGhost-like malware. The issue is that 1. this only tells you that the file you have came from Apple but not what it contains and 2. Xcode is massive and downloading it, verifying it and then uncompressing it to run it and check its build number takes ages: you could have a gigabit connection and a 18-core iMac Pro and you’re still looking at half an hour from opening the developer downloads site to being able to check to see what you just downloaded. When Apple messes up their labeling/caching/whatever you can see why a SHA would be extremely useful, as I know people who repeated this process multiple times through the day in hopes of getting the build Apple claimed they should have. (Eventually people started spreading hashes, not verifying the archive, and sharing it around via file hosting sites like Dropbox, which totally defeats the point of all of these things, so good job Apple on making this process so annoying that people will just jump through the hoops to bypass it.)
Not for beta releases of Xcode, since they’re only provided through the developer site (not the App Store) and you have to download a full installer every single time.
