What are the real world chances that someone would steal his identity?
Running a MITM attack on an HTTP connection when on the same LAN is basically trivial. ARP is not designed to be secure. Some high end switches provide reasonable mitigation, but it is mostly pretty weak on anything that is not fabulously expensive.
There is an employee complaining that he doesn't like sending his credentials in plain text over the network and that he cannot take responsibility for his network identity in such case.
If the guy is accountable for actions that are taken with his credentials, it is unfair to not take reasonable precautions to protect those credentials from other employees. They might be safe from external actors due to network isolation, but that is probably not what the guy is worried about...