The folks over at Wired.com have an entry up on how and why you should enable Gmail’s SSL feature that is worth a read:
Why? Because without it, anyone can easily hack someone’s account and in two weeks it is going to get even easier. Mike Perry, a reverse engineer from San Francisco, announced his intention to release his Gmail Account Hacking Tool to the public. According to a quote at Hacking Truths, Perry mentioned he was unimpressed with how Google presented the SSL feature as less-than-urgent. It is urgent, and here’s why.
The reason why is pretty simple. Without the SSL feature turned on, Gmail only uses a secure connection for the initial login, and then all session data is sent back and forth unencrypted. The problem with that is your session data includes your login information, which kinda defeats the point of having it encrypted during the login. Someone sitting with a packet sniffer looking at your network traffic could snatch that info from the data stream and have full access to your account and all the archived emails. By turning on the SSL feature, the entire session will be encrypted from beginning to end.
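For anyone who runs a web application of their own, the same weakness can be checked from captured traffic. The script below is an added example, not code from Wired, Google or this post; it assumes the session data travels in a cookie (the post does not say so explicitly), and the host name, cookie names and traffic records are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed traffic: (request URL, request Cookie header, response Set-Cookie headers).
# LOGIN_ONLY mirrors the behaviour described above: HTTPS for login, plain HTTP afterwards.
LOGIN_ONLY = [
    ("https://mail.example.test/login", "", ["SESSION=s3cr3t; Path=/", "CSRF=tok1; Path=/; Secure"]),
    ("http://mail.example.test/inbox", "SESSION=s3cr3t", []),
    ("https://mail.example.test/inbox", "SESSION=s3cr3t; CSRF=tok1", []),
]
# ALWAYS_HTTPS mirrors the whole session being encrypted from beginning to end.
ALWAYS_HTTPS = [
    ("https://mail.example.test/login", "", ["SESSION=s3cr3t; Path=/; Secure; HttpOnly"]),
    ("https://mail.example.test/inbox", "SESSION=s3cr3t", []),
]

def audit(exchanges):
    """Return (issue, cookie name, url) tuples for session data exposed to a sniffer."""
    findings = []
    for url, cookie_header, set_cookie_headers in exchanges:
        scheme = urlsplit(url).scheme
        # Cookies the browser sent with this request.
        sent = SimpleCookie()
        sent.load(cookie_header)
        if scheme == "http":
            for name in sent:
                # Anyone on the network path can read and replay this value.
                findings.append(("sent-in-clear", name, url))
        # Cookies the server set in its response.
        for raw in set_cookie_headers:
            issued = SimpleCookie()
            issued.load(raw)
            for name, morsel in issued.items():
                # Without the Secure attribute the browser will also attach
                # the cookie to later plain-HTTP requests to the same host.
                if not morsel["secure"]:
                    findings.append(("missing-secure", name, url))
    return findings

if __name__ == "__main__":
    for label, sample in (("login-only HTTPS", LOGIN_ONLY), ("always HTTPS", ALWAYS_HTTPS)):
        print(label)
        for finding in audit(sample) or [("ok", "-", "-")]:
            print("  ", *finding)
```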
You can tell if your session is encrypted by looking at the address bar of your browser. If you see HTTPS: at the start of the address while reading your email, then you’re encrypted. This feature is turned off by default, so if you haven’t specifically turned it on then you’ll want to. You can do that by clicking on the SETTINGS link in the upper right corner of the Gmail screen; on the GENERAL tab (which should be the default that comes up), scroll down to where it says BROWSER CONNECTION and click on the box for “Always use https.” Then just press Save Changes to update your account. You may need to quit and log in to Gmail again to make sure it’s working.
You won’t notice anything different about how Gmail works from before, but you’ll be a little better protected.