Google have added an option to force gmail to use SSL for everything rather than just for the initial login/authentication. I strongly advise you turn it on.
Go to your gmail account, choose Settings, and then at the bottom of the first page make sure ‘Always use https’ is selected.
You’ll need to patch gmail notifier if you use it – full details here.
The result of this is that all the traffic between you and Google is encrypted while you’re reading / checking / sending mail. It prevents people from hijacking your session over wireless connections or snooping your conversations.
Unfortunately it doesn’t work with the mobile Gmail application.