We need a researcher to tell us that non-HTTPS connections are MITM-able? Or did he simply Wireshark it and notice it was HTTP instead of HTTPS? Or am I simply expecting too much of zdnet?

Seriously. It's amazing how many services do this. Xbox LIVE and PSN are two other examples.

Maybe its because saying 'Google researcher' is more polite than saying 'Google employee' which sounds more fishy?.