one of the reasons why I cannot recommend NRPE - the configuration formats don’t fit and it gets cumbersome. You can of course allow every argument being overridden with nrpe_arguments (the security issue is already opened with allowing -a on the client anyways).
This goes even further, -w and -c can be overridden in the “-a” section … but psssst, don’t tell the security department.
In your example, nrpe_arguments is just an array with key and value parameter pairs.
Icinga doesn’t validate this, nor checks whether the order is correct. That being said, I wouldn’t put that into production but rather migrate to the Icinga agent. There the thresholds can just be set similar to your http check, with the only difference of setting the command_endpoint attribute to control where the check is executed.