If you check Gmail's settings, the last option under the "General" tab lets you "always use https" when accessing Gmail. It's a fairly new option, and it might sound strange; isn't Gmail secured by SSL (Secure Socket Layer) by default (hence switching to "https://gmail.com" when you type in "gmail.com" in your browser)?
The answer is: yes and no. Once you log in, Gmail reverts back to an unencrypted connection, since SSL connections are slower than regular ones. This means that whatever you do on Gmail is unencrypted from now on, and someone sniffing traffic on your network can easily obtain sensitive data.
Of course, not everyone has the skills to do that, so the chances of it actually happening are pretty small. Or, better put, they were small until now. As reported by Hacking Truths, a tool has been presented at DEFCON that makes stealing session IDs from Gmail a relatively easy affair. And once someone has your session ID, he/she can log in to your Gmail account without authentication.