So go to your gmail Setting page now, scroll all the way down, and choose "Always use https" in your "Browser connection:" setting.
Click "Save Changes", sigh, get back to email :).
To drive the point home, here is the text from this comment on /.
Unless you SET THE PREFERENCE, you are insecure, even if you MANUALLY type in https://mail.google.com/ [google.com] always.
Because unless you SET THE PREFERENCE, google does NOT set the session cookie to be SECURE.
This is what Mike Perry's tool does: it takes any of your OTHER connections, redirects it to http://mail.google.com/ [google.com] so your browser spits out the session cookie anyway, and then can redirect you back (so you don't know what happened).
Google's SSL mode for gmail, UNLESS YOU SET THE PREFERENCE, offers you NO protection against an active adversary. And since someone snooping your traffic at starbucks can just as easily inject packets, IT OFFERS NO PROTECTION EVEN IF YOU MANUALLY TYPE IN HTTPS ALL THE TIME, UNLESS YOU SET THE PREFERENCE!!!!
What are you waiting for, go secure your gmail!