Strangely enough it's an intranet web service however, due to SOX Compliance we have to encrypt whenever usernames and password are being transmitted even if it's within a LAN.
But I think I understand what you're saying, if it's secure regardless we still need https communication.