A MITM attack against LuckyBit could - at worst - replace the game addresses with malicious ones.
This is a sufficient reason to put HTTPS. The attacker has a financial incentive to repllace those addresses.
There has never been a report of MITM attacks against LuckyBit.
Until it happens. But why wait until an incident happens if you already can fix the issue?