I think I remember when this was added and I was strongly against it since I don't think HTTPS should ever be relied on.
This BIP describes payment protocol messages encoded using Google's Protocol Buffers, authenticated using X.509 certificates, and communicated over http/https. Future BIPs might extend this payment protocol to other encodings, PKI systems, or transport protocols.
Everything in the above quote is utterly wrong and against my philosophy.
In my opinion, such messages should be exclusively deliver over the Bitcoin's own network, signed by the private keys of the sender's bitcoins, and perhaps encrypted using the message receiver's public key (PGP over Bitcoin). Is it technically possible? I don't know, but it should be, since Bitcoin utilizes PKI and PGP is based on that.