It does create a MITM vulnerability, the question is just whether it matters or not. With HTTPS a third party will only know which url you're accessing. With HTTP they can see exactly what data is transferred and can modify that data at will.
So adding HTTPS here accomplishes:
hiding which exact page of the hacker's dictionary you're accessing
hiding the exact contents of the page
ensuring that this page doesn't get modified in transit
None of these are really an issue, so using http in this situation is fine. In general though, I'd consider not having HTTPS as a bug for most sites, unless you're extremely resource constrained on either side of the connection and you think carefully about the security and privacy implications
Typescript saves ridiculous amounts of time in bugfixes and is IMO a lot more readable than JS.
I don't know how many times TS has complained about some type mismatch in my code that made me scratch my head for 2 seconds to only then realize I was doing something stupid. With plain JS that would've been no issue, until I have some obscure bug 30 minutes later and have to figure out it's source.
Also, whatever piece of code you are working on, to do anything you have to have the types of your variables/functions in mind. If you have to keep track of all of them in your head, you will definitely mess it up at some point or have to look through a bunch of different methods/files to track down the source of some piece of data to be certain what's contained in it.
So yeah, TS might take slightly longer to type out, but it saves you a lot of dev time.
Depends on your eslint config, but yeah that's an option.