Although they’re not enabling it for everyone automatically (which they should) Facebook has started rolling out a setting to enable HTTPS. Like most things FB, it will take a while to roll out to everyone but you should turn it on as soon as possible.
To enable HTTPS, go to Account Settings then select Account Security. If there is an option to select Secure Browsing (https) then click the box to enable it. If not, check again later. Eventually it will be there.
I would also recommend checking out HTTPS Everywhere. It is a Firefox plugin that tries to force secure connections.
http://www.eff.org/https-everywhere
I for one do not get the option to change it. I’m not sure why, perhaps it’s something they are rolling out to people over time.