When I first started using gmail, there wasn't a setting to secure it, but you could do it manually by changing the first "http://" part of an address to "https://". Now, Google has a setting that you can do this with and enforce it.
Under "Settings" look for "Browser connection:" and make sure it's set to "Always use https".
If you use Gmail, you should check this now. Like, right now. It's always been possible for people to easily get into your account if you don't use the encryption, but now someone is about to release a tool to the public that does it automatically.
Computer security can be complicated, but this is a VERY easy fix now that google has provided the setting. Make sure you take advantage of it.
Update: November 2021
Blows my mind to remember there was a time when:
1. Gmail wasn't secure by default 2. You had to manually change the URL to make it so 3. They released a switch but it was turned off by default
Using a secure 'https' instead of an insecure 'http' takes more resources and it used to be a big hit on servers. Thankfully, that's not the case now.
In fact, Google now looks to see if your site is on a secure 'https' connection and uses that in their calculation of your search result page ranking (source.
That's much better for everyone.