By default, remote-viewer first connects to the insecure port and only switches to TLS when the server requests/requires it, when the native SPICE client invocation method is used. An attacker on the client's local machine or on a router on the way can easily set up a MITM Evil Proxy that would pretend to be the endpoint of the plaintext port from the client's POV, and it would act as a regular client to the server.

Acknowledgements: Red Hat would like to thank Michael Samuel of Amcom for reporting this issue.
This issue has been addressed in the following products:

RHEV Manager version 3.3

Via RHSA-2014:0038 https://rhn.redhat.com/errata/RHSA-2014-0038.html
Both trackers are closed, closing as handled.