If I use HttpClientCredentialType.Basic as ClientCredentialType and I only need wcf authentication for security, should I worry about certificates and https?
If you do not use transport security, then basic authentication can be sniffed.Thus, it depends on how secure your application will be.
HttpClientCredentialType.Basic means that you send your username and password almost in plain text. You should never use it without transport layer security if it is a production code.