check.torproject.org is available over http
I think it should redirect to https, although I honestly can't immediately think of anything useful you could achieve by MITMing it and lying to someone south of you.
If someone is just typing 'check.torproject.org' behind someone who wants to wrongly convince them that they are or are not using tor, it doesn't really matter if the actual site is served over http or not; they can just not serve the redirect that you do. If someone bookmarks it, though, they start to be vulnerable.
Might be intentional, though; do you suspect there are be scripts that don't support https hitting it?
Trac:
Username: colons