You're effectively talking about an attacker breaking https aren't you? Unless you can detail another way to get at a user's token. I'm curious to hear about it.
No. There are many ways to fish bearer tokens. Encryption in transit only addresses some of them.
Just Google for session hijacking attacks. There's a wealth of information on the topic. It's a regular entry in OWASP top 10.
