If you check Gmail's settings, the last option under the "General" tab lets you "always use https" when accessing Gmail. It's a fairly new option, and it might sound strange; isn't Gmail secured by SSL (Secure Sockets Layer) by default, which is why your browser switches to "https://gmail.com" when you type in "gmail.com"?

The answer is: yes and no. Once you log in, Gmail reverts to an unencrypted connection, since SSL connections are slower than regular ones. This means that whatever you do on Gmail is unencrypted from then on, and someone sniffing traffic on your network can easily obtain sensitive data.

Of course, not everyone has the skills to do that, so the chances of it actually happening are pretty small. Or, better put, they were small until now. As reported by Hacking Truths, a tool has been presented at DEFCON that makes stealing session IDs from Gmail a relatively easy affair. And once someone has your session ID, he/she can log in to your Gmail account without authentication.

In practice, this means that leaving the "always use https" option unchecked, especially if you're accessing Gmail through a wireless hotspot or any other unsecured network, has become a hazard and is not recommended. Google has been fairly silent about this, letting users decide what they want to do, but I've switched to SSL and I recommend you do, too, especially if you use Gmail for business purposes.
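The downgrade described above can be checked for in any web application's login flow. The following is an added example, not part of the original post and unrelated to the DEFCON tool: it audits recorded responses for session cookies set without the `Secure` attribute and for HTTPS-to-HTTP redirects. The hostnames, cookie names and the `audit_flow` helper are constructed for illustration, and cookie domain/path matching is ignored for brevity.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed sample: login over HTTPS, then a redirect back to plain HTTP.
SAMPLE_FLOW = [
    ("https://mail.example.test/login", 302, [
        ("Set-Cookie", "SID=constructed-session-id; Path=/; HttpOnly"),
        ("Set-Cookie", "PREFS=lang-en; Path=/; Secure"),
        ("Location", "http://mail.example.test/inbox"),
    ]),
    ("http://mail.example.test/inbox", 200, [("Content-Type", "text/html")]),
]


def audit_flow(responses):
    """Audit (url, status, headers) tuples recorded from one login flow.

    headers is a list of (name, value) pairs so repeated Set-Cookie
    lines are preserved. Returns a list of (finding, subject, url).
    """
    findings = []
    jar = {}  # cookie name -> True if it was set with the Secure attribute
    for url, status, headers in responses:
        scheme = urlsplit(url).scheme
        # A browser attaches cookies lacking Secure to plain-HTTP requests,
        # so anything already in the jar was exposed by this request.
        if scheme == "http":
            for name, secure in jar.items():
                if not secure:
                    findings.append(("cookie-sent-in-clear", name, url))
        for key, value in headers:
            key = key.lower()
            if key == "set-cookie":
                cookie = SimpleCookie()
                cookie.load(value)
                for name, morsel in cookie.items():
                    jar[name] = bool(morsel["secure"])
                    if not jar[name]:
                        findings.append(("cookie-missing-secure", name, url))
            elif key == "location" and 300 <= status < 400:
                target = urljoin(url, value)
                if scheme == "https" and urlsplit(target).scheme == "http":
                    findings.append(("https-to-http-redirect", target, url))
    return findings


if __name__ == "__main__":
    for finding in audit_flow(SAMPLE_FLOW):
        print(finding)
```
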