Secure protocols like HTTPS were invented because you have no control over how your connection to a remote server is routed, so you have no control over whose machines it gets routed through. Therefore you should assume it's insecure and act accordingly. That means using encrypted protocols for anything important.
You should assume that the authorities (such as GCHQ) are tapping into the service. It's supposed to be secret, but it's not a very well kept one. If you're connecting to an overseas server, then who knows which agencies are listening in.