User login system for mobile.

11 comments, last by hplus0603 6 years, 8 months ago

I'm using SRP authentication on my project.

What kind of attack do you think SRP protects against, that you need protection against?

Do you not trust the ISPs on the way between the client and the server, AND you don't trust the TLS certificate chain of trust?

Pretty much the only case where SRP would be better than password-over-TLS is where you believe there exists a man in the middle that has managed to insert a trusted root certificate into the clients' root store. Which is totally possible when we're talking about state actors, but ... it's unlikely the NSA is all that interested in your game :-)

I'm not saying it's a bad idea to use a well-tested library and protocol. Just curious why you choose to worry about those kinds of attacks.

enum Bool { True, False, FileNotFound };
