Why wouldn’t you use SSL

Yes, just add an "s" to the http in the address bar - so to get to Gmail over SSL, type in:

https://www.gmail.com

You can also change a setting in Gmail to require your account to use SSL:

We've recently made the 'Always use https' setting the default behavior in Gmail (the default used to be http). Here's some background: If you sign in to Gmail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. Accordingly, we enable the 'Always use https' option in Gmail by default. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.

In your Gmail settings, under the General tab, select "Always use https":

As of July 2013, Facebook is https by default:

We now use https by default for all Facebook users. This feature, which we first introduced as an option two years ago, means that your browser is told to communicate with Facebook using a secure connection, as indicated by the "https" rather than "http" in [the URL]

However, the http interface remains

Some mobile phones and mobile carrier gateways don't fully support https. While we're working with the vendors of these products, we didn't want to leave https off entirely for affected users.

This is regrettable because it leaves possible the sslstrip attack whereby a man-in-the-middle rewrites https links to http, and serves a similar looking page at the http url. The solution is the HSTS header which tells the browser to always use https for a given site.