1. says

    Welcome to another of the many reasons I don't use things like Facebook. They are almost never designed with security in mind.While that Firefox extension is a good one, you can generally achieve the same thing by changing the "http:" in a URL to "https:". Just look for the lock symbol to make sure you're actually using HTTPS.

  2. says

    It's not really a Facebook problem, per se. The security issue is that FireSheep steals your login cookies; some sites allow login to happen in http mode. For sure try to force the login to switch to https. Any way possible!