Use https://www.facebook.com, not http://www.facebook.com!! Or you can be easily hacked!!
Your Facebook password can be easily sniffed by hackers on your network, your co-workers, your boss, your ISP and virtually anyone that you didn’t meet before. This is because you probably get to Facebook by typing in www.facebook.com or http://www.facebook.com.
The S, yes it’s all about the S, meaning SECURED, simply add the S to the http:// so it becomes https:// . By doing this Facebook will exchange a key with your machine that only you and Facebook have and it’s unique for every session, the key will be used to encrypt all data transfered between you and facebook which we web developers call SSL or Secure Socket Layer.
In other terms, without typing the S your information including Facebook password is being transferred in the internet in plain text waiting for someone to pick it up which is not a hard thing to do.
Next time remember:
What is Mark Zuckerberg is thinking, SSL should be enabled by default and forced like in Gmail, why do we have to force SSL on Facebook ourselves?
(Reproduced from http://www.technolibya.com/internet/security/force-ssl-secure-facebook.html, Mar 11, 2010)