I was also interested in that... it looks like HTSP uses SHA1 based digest authentication.
So the complete traffic/stream is not encrypted, but the password during authentication . This should be somehow "secure enough", depending on the password complexity. Especially simple replay attacks like with basic authentication are not possible.
Hope I understood it correctly. :D
Best regard
Diddle.