If your installation of Team Password Manager is publicly visible (meaning that it can be accessed from any computer connected to the Internet), HTTPS is a must.
Team Password Manager data is transported on the clear from the web server to the browser, relying on HTTPS to carry out the encryption between these two components.
If you're not using HTTPS, anyone listening between the web server and your browser can clearly read all the information that is passing by. If you're using HTTPS, all is read is gibberish.
On the Heartbleed Bug
Team Password Manager does not use the OpenSSL library and thus is not affected by the Heartbleed Bug.
You should, though, check if your operating system server software is affected and fix it if it is.
For more information on the Heartbleed Bug check: http://heartbleed.com/
