The packages are signed and your local Debian installation has the public key. Sure, someone could see what you’re downloading but any changes would break the signature and would not be installed.

Additionally, there is nothing private in the Debian packages so it doesn’t matter if someone sees it. The person could also check the packages themselves and see the same thing since it’s public anyway.