Both HTTP Basic and Token Authentication are secure when used over HTTPS. I updated the article to include a note about this as well as updated the code examples to use HTTPS.
HTTPS is only secure if no client credentials are stored on the client, e.g. hard coding a username/password pair in a mobile app. If a user needs to supply a username and password it would be OK I guess..