== Ask Yourself Whether

* Application data needs to be protected against falsifications or leaks when transiting over the network.
* Application data transits over an untrusted network.
* Compliance rules require the service to encrypt data in transit.
* Your application renders web pages with a relaxed mixed content policy.
* OS-level protections against clear-text traffic are deactivated.

There is a risk if you answered yes to any of those questions.