You may not know this but you can set Gmail to encrypt your session data by default to protect it from being sniffed over the network. However, Google doesn't offer the ability to encrypt potentially sensitive data created in other Google apps like Docs or Calendar by default, which means the communications could be stolen or snooped on by someone using a packet sniffer on public Internet connections, such as open wireless networks, according to the letter addressed to Google Chief Executive Eric Schmidt and signed by a who's who of 38 experts in the security industry.
Granted, users of other free e-mail services, social networks, and many other sites are vulnerable to data theft and account hijacking, the letter notes. But Google is in a position to set a standard for others to follow, it says.
Google should enable HTTPS (Hypertext Transfer Protocol Secure), a technology used by banks and e-commerce sites, by default for Gmail, Docs and Calendar, or at least do more to educate users about the privacy risks and make it easy to turn on the HTTPS by default, the letter urges.
Click here  for the rest of the article.