You're almost completely right. The only correction is that they are hashes of the whole file.
Sometimes, files can be corrupted during download whatever way is used to transfer them. Hashes are there to make sure that the file is intact. This is especially useful to users with bad Internet connections. Back when I was using fax modem, I'd often get problems with corrupt downloads.
Some download managers (like GetRight, if I remember correctly), can even automatically calculate the hash of the file and compare it to known value.
Another interesting point is security. A potential problem with open source tools is how much you can trust the distributer. Often programs such as Eclipse are the main tool used by software companies and therefore it is extremely important for them to move from the developer to the user intact. Since programs are open source, it is possible to for example make infected version which would look normal, but leak source code to some remote server or infect programs made by the software with a virus (I think this actually happened to some version of Delphi) or something similar. For that reason, it is important to have official correct hash which can be used to check if the distributed file is what is claims to be.
Some thoughts about distribution channels. Often free software can be found on large amount of sites and most popular sites like SourceForge, for example have large number of mirrors. Let's say there's a server in Barland which mirrors a large software distribution site. FooSoft uses the program distributed by site and they are in Republic of Baz which is right next to Barland. If someone wanted to infiltrate FooSoft, he could modify just the copy at Barland mirror and hope that geolocation software would then make sure that FooSoft gets the modified versions. Since versions from other mirrors are fine, chances are lower that malware would be detected. You could also make malware detect computer's IP address and activate only if it's from a certain range, and that way lower chances of discovery and so on.
1+1 It is also used for security reasons, i.e. infected files... – BloodPhilia – 2011-01-02T15:18:00.840
@BloodPhilia Indeed. I was just writing about some security reasons. – AndrejaKo – 2011-01-02T15:19:30.150
Thanks! I figured it had to be something along those grounds, but couldn't find a solid answer anywhere else. – Zac – 2011-01-02T15:20:58.150
3Nice Answer ;) – BloodPhilia – 2011-01-02T15:43:00.807