This is more of a question for the Networking discussion, but I can answer here sense it also may be applicable to Apple Pay development. All apps submitted for review to the app store must adhere to the App Transport Security guidelines on Apple platforms. It is best practice for any network traffic to be secured using HTTPS and to preventing using insecure network connections. If you plan to allow arbitrary loads you will need to provide justification to the App Review team.
For more information on this, see this post.
Matt Eaton
DTS Engineering, CoreOS
meaton3 at apple.com