As with most web-based email options, the login phase of your gmail session is encrypted and protected from prying eyes. However after you’ve been logged in, you’re sent to a non-SSL-encrypted inbox where you, and anyone sniffing your network (like your company’s Network Administrator), can read your mail. This is especially a risk for those of us using WiFi where your information is ripe for the plucking.

A simple solution to the problem for those of us using Gmail is to log into gmail using this url: https://gmail.google.com instead of http://gmail.google.com.
This ensures that the entire process after logging in is encrypted on their secure server.