In a blog post today Facebook detailed some of their new security improvements:
Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the “Account Security” section of the Account Settings page.
Enabling this option will effectively prevent you against Firesheep and similar account hijacking methods. I think it’s fairly safe to assume this feature is a direct response to Firesheep, even if it seems to have taken them 4 months to roll out. Though, it could also be a response to Zuckerburg’s account hack yesterday.
I’m going to go one step further than Facebook and say, you should absolutely enable this option as soon as it’s available to you.