Apple left App Store open to attack: Google researcher

We need a researcher to tell us that non-HTTPS connections are MITM-able? Or did he simply Wireshark it and notice it was HTTP instead of HTTPS? Or am I simply expecting too much of zdnet?