I don't know if I saw this story here, but it seems rather strange...
Even when you think that you access your Gmail account via a secure SSL connection, data can be sent through an unsecure connection. Some hotspots don't allow SSL traffic and when Gmail isn't able to use a secure connection it automatically tries an unsecure connection in the background...
I've read it in a Dutch article but it seems to be mentioned here too: http://blogs.zdnet.com/Ou/?p=651
I've read a similar article about this on Ars Technica.
<< His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service. Virtually all companies provide a secure login portal, but many do not secure the connection thereafter, which exposes the end-user to potential hacking as described above. During his demonstration at the time, Graham said that Google Mail users could switch to https://mail.google.com and secure their session from such snooping—but he's now backed away from and qualified that statement. >>
But Gmail is not the only one that this could affect:
<< Facebook, MySpace, and Yahoo Mail are all affected by the issue, as are other "Web 2.0" sites. >>
http://arstechnica.com/news.ars/post/20080201-report-google-mail-vulnerable-to-sidejacking-despite-ssl.html
Even "old school" websites.
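The exposure discussed in this thread (a secure login followed by session cookies travelling in cleartext) can be checked from the defender's side by auditing what an HTTPS response sets. The following is an added example, not code from the thread or the linked articles; the sample response, host name and cookie names are constructed for illustration.

```python
# Added example: flag HTTPS response headers that leave a session readable on open Wi-Fi.
# SAMPLE_RESPONSE is constructed; host and cookie names are made up.
SAMPLE_RESPONSE = """\
HTTP/1.1 302 Found
Location: http://mail.example.test/inbox
Set-Cookie: SID=abc123; Path=/; HttpOnly
Set-Cookie: LSID=def456; Path=/accounts; Secure; HttpOnly
Set-Cookie: PREF=lang=en; Path=/
"""


def parse_headers(raw):
    """Return (lower-cased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_flags(set_cookie_value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    first, *attrs = [part.strip() for part in set_cookie_value.split(";")]
    name = first.partition("=")[0].strip()
    return name, {a.partition("=")[0].strip().lower() for a in attrs if a}


def audit_response(raw):
    """Return (kind, detail) findings for a response received over HTTPS."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            cookie, flags = cookie_flags(value)
            if "secure" not in flags:
                # Without Secure the browser also sends this cookie over http://.
                findings.append(("cookie-without-secure", cookie))
        elif name == "location" and value.lower().startswith("http://"):
            # The session continues in cleartext after the secure login.
            findings.append(("redirect-to-http", value))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{kind}: {detail}")
```

The audit reports every cookie lacking `Secure`; deciding which of those actually carry session state is left to the reviewer.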