See my other comment, but a) it encrypts more of the packets, b) helps with validating correct server, c) encrypts even if you end up authenticating without Kerberos somehow.
When using HTTP for remoting, headers are not encrypted. But body is always encrypted when using NTLM, CredSSP or Kerberos - the GSSAPI supported protocols. If user doesn't want to use these and opts for basic auth or some other protocol that doesn't have encryption specified, https is useful.