Go to Account --> Account Settings --> Account Security and enable HTTPS browsing for your account as shown below.

I am a bit surprised, though, that this isn't enabled by default.
Many incidents have been reported in which Facebook sessions were hijacked using Firesheep, a Firefox add-on.