Although they’re not enabling it for everyone automatically (which they should) Facebook has started rolling out a setting to enable HTTPS. Like most things FB, it will take a while to roll out to everyone but you should turn it on as soon as possible.
To enable HTTPS, go to Account Settings then select Account Security. If there is an option to select Secure Browsing (https) then click the box to enable it. If not, check again later. Eventually it will be there.