Go to Account --> Account Settings --> Account Security and enable HTTPS browsing for your account as shown below.
![](http://1.bp.blogspot.com/-WL0vjSUwQX0/TWCR8H-WesI/AAAAAAAAArc/YbrlXvVjyhg/s400/Screen%2Bshot%2B2011-02-20%2Bat%2B9.27.12%2BAM.png)
I am a bit surprised, though, that this isn't enabled by default.
Many incidents were reported in which Facebook sessions were hijacked using Firesheep, a Firefox add-on.