Security of the site that generates tokens

he site for token generation looks like another one (offered by the company found in the “provided by” mention at the bottom of the page)

Since none of these sites are served over https, nothing prevents from a Man in the middle attack. An attacker could get the tokens generated for a given email address.

Could an attacker benefit from knowing one’s tokens (maybe he could search for the tokens and detect the traps, allowing him to keep on spying without being busted)?

Even simpler, couldn’t the attacker “download” the content and view it offline to prevent the alerts to go off?

Consider means, motive and opportunity. Because there is no HTTPS you can discover a token through MiTM but it provides nothing of any real use other than for trivial messing about.