Worst case scenario is the HTTP pixel request tells attackers that there is a verification chat happening.

HTTPS the attackers know a conversation is happening, but no idea what

But, I personally think the threat is being overblown (I am happy to be corrected though)