HTTPS is not required. All data is sent encrypted with MTProto either way, so this doesn't enable anyone sniffing to intercept anything unencrypted.