Don’t give this guy so much credit. He’s blowing this out of proportion. Everyone and their uncle has seen the evidence of the UI’s web interface being loaded (and failing to load). The fact that its an HTTP request as opposed to HTTPS only puts people who’s network connection has been subverted by Mallory (a generic malicious attacker). If Mallory already has control over your network, you’ve got much bigger problems than some PUBG phishing attack. The other avenue of attack requires Mallory to have a certain level of control over your machine via a virus… which again, would pose problems far more important that a PUBG phishing attack.
The lax level of security in this instance doesn’t pose a threat to people who aren’t already hacked either on their machine or the network they’re connected to. /rant