The Washington Post covers a letter by security researchers and academics urging Google to adopt encryption (HTTPS) as the default for all of its services. (Disclosure: I signed the letter.) The letter makes the case convincingly:
Google uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers’ login information. However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar. As a result, Google customers who compose email, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries, and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers. Tools to steal information are widely available on the Internet.
Thanks to Chris Soghoian for his leadership on this one!