It sounds like you are confusing different issues here.
First, GET methods are not more 'disclosive' in the way you seem to mean here. You are correct that GET should only be used for retrieving information, and never changing it. But that's not related to the transport security of your GET request.
If your connection is not secure and someone is 'listening' in the middle, the CSRF token is probably the very least of your problems. At any rate; transport security and Cross-Site Request Forgery aren't really related.
So, if you are worried about snooping on the connections, secure it with SSL/TLS. If not... just use the token.