Sure HTTPS wouldn't help if an attacker had the cert for the OCSP server, but I feel like that is rare to happen compared to other certs being revoked and I believe there are privacy / anticensorship benefits you ran get from https.

To me it seems simple to just skip an OSCP check compared to having to use HTTP.