Security
The RPC URL that is provided by the dApp can be an insecure http:// connection. The reason for this is because it allows for easy development with a local node, without setting up a local SSL certificate.
Especially the wallet should care about this and potentially show a warning to the user if the RPC URL is not a secure https:// URL.