Facebook is finally providing a way to prevent jerks and criminals from hijacking your facebook account while surfing at your local cafe. In typical Facebook style YOU have to enable the feature. Its not on by default although Facebook has promised to make it so in the future.
[quotes]
By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.
[/quotes]
You can sign up for Facebook HTTPS by going to Account Settings and then selecting "Account Security," third from the bottom. Then click under "Secure Browsing" — if it's there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.
Thanks to gawker.com for highlighting this new feature.