Since your students are using passwords that they use for other services, it's important to use https with the WeBWorK server. If you use http, then student passwords are being sent in plain text over the internet.
Regarding ldap vs. ldaps, the first comment is that encrypted traffic is always better than unencrypted, so if at all possible you should be using ldaps. As for the risks of using ldap, it partly depends on your network configuration. If the WeBWorK server and LDAP server are both on the same secure network, then there is little chance of someone intercepting network traffic containing passwords. If there are any public networks between the two servers, then you really need to be using ldaps.
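The reasoning in this reply, written as a small audit check (an added example, not part of the original post and not WeBWorK code): it flags `http` always and `ldap` according to whether both servers sit on the same trusted network. The addresses, the trusted range and the function names are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from the post).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WEBWORK_IP = "10.20.0.15"

# Plaintext scheme -> encrypted replacement.
PLAINTEXT = {"http": "https", "ldap": "ldaps"}


def _in_same_trusted_net(ip_a, ip_b, nets):
    """True when both addresses fall inside one of the trusted networks."""
    a, b = ipaddress.ip_address(ip_a), ipaddress.ip_address(ip_b)
    return any(a in n and b in n for n in nets)


def audit_endpoint(url, client_ip=WEBWORK_IP, nets=TRUSTED_NETS):
    """Return (severity, message) for one configured endpoint URL."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname
    if scheme in ("https", "ldaps"):
        return ("ok", f"{scheme} encrypts credentials in transit")
    if scheme not in PLAINTEXT:
        return ("unknown", f"unrecognised scheme {scheme!r}")
    fix = PLAINTEXT[scheme]
    if scheme == "http":
        # Students reach the server over the internet: always a finding.
        return ("high", f"passwords sent in plain text; switch to {fix}")
    # ldap:// : the risk depends on the path between the two servers.
    # A URL cannot show whether StartTLS is used, so ldap:// is treated
    # as plaintext here.
    try:
        same = _in_same_trusted_net(client_ip, host, nets)
    except ValueError:
        same = False  # hostname or missing host: location unknown, assume the worst
    if same:
        return ("low", f"plaintext bind on a trusted segment; {fix} still preferred")
    return ("high", f"plaintext bind may cross untrusted networks; switch to {fix}")


if __name__ == "__main__":
    for u in ("http://webwork.example.edu/webwork2", "ldap://10.20.0.40:389",
              "ldap://192.0.2.10", "ldaps://192.0.2.10:636"):
        print(u, "->", audit_endpoint(u))
```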