User blog comment:TimmyQuivy/HTTPS Next Steps: URL Changes for International Wikis/@comment-35982440-20180722042133/@comment-27345308-20180725234339

Yeah, that's true. Somebody who knows how to and does intercept insecure HTTP requests to Wikia, steals the access token from them and sets it on themselves would most likely also know how to vandalize a wiki... efficiently. Though, I've never seen cases of that, probably because vandals are either not smart enough to do that or not in a position to intercept HTTP requests administrators are sending.