Last June, a group of researchers and academics released an open-letter calling on Google protect users' communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.
We are currently rolling out default https for everyone. If you've previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don't want default https turned on for performance reasons, you can turn it off at any time by choosing "Don't always use https" from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.
This Google page offers additional guidance on keeping your data secure.