By now, you've probably read about Robert Graham's Black Hat presentation (.pdf) on hijacking Gmail accounts by wirelessly sniffing non-SSL session cookies.
The attack technique, called SideJacking, uses two homegrown tools -- Ferret and Hamster -- to sniff cookies from connections to unsecured Wi-Fi networks.
Careless Google account users are vulnerable because Gmail, Google Calendar, YouTube and Blogspot all default to "http:" instead of "https:" (which is available) at login.
It's a safe bet that Google will tweak this default but, in the meantime, there's a new Greasemonkey script that offers another layer of protection to Firefox users.
Created by Mark Pilgrim, GMailSecure forces Gmail to use a secure connection for all logins by redirecting http://gmail.google.com/ to https://gmail.google.com/.
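The redirect described above can be sketched as follows. This is an added example, not Mark Pilgrim's GMailSecure source; the function name `httpsUpgrade` and the `UPGRADE_HOSTS` list are assumptions, and only the gmail.google.com host comes from the article.

```javascript
// Added illustration of an http -> https upgrade for a userscript.
// Not the GMailSecure code; names here are hypothetical.

// Hosts whose plain-HTTP pages should be upgraded (host taken from the article).
const UPGRADE_HOSTS = new Set(["gmail.google.com"]);

// Return the https:// form of href when it is a plain-HTTP URL on an
// upgraded host, or null when no redirect should happen.
function httpsUpgrade(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // not an absolute URL, leave it alone
  }
  if (url.protocol !== "http:") return null; // already https, or another scheme

  // Compare the parsed hostname exactly. Substring or prefix matching on the
  // raw string would also accept look-alikes such as
  // gmail.google.com.evil.example or gmail.google.com@evil.example.
  if (!UPGRADE_HOSTS.has(url.hostname)) return null;

  url.protocol = "https:"; // path, query and fragment are preserved
  return url.href;
}

// In a browser userscript, redirect without leaving the http:// page in
// history. Outside a browser (e.g. Node) this guard makes the block a no-op.
if (typeof window !== "undefined" && window.location) {
  const target = httpsUpgrade(window.location.href);
  if (target) window.location.replace(target);
}
```

A userscript runs only after the page has started loading, so the first plain-HTTP request has already left the browser by the time the redirect fires.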
Here's Pilgrim's explanation of how GMailSecure works in the background to protect against things like SideJacking.