Facebook has (finally!) set up secure (https) access in preferences, so you can safely use Facebook on an open wi-fi network (like at a coffee shop) without someone stealing your session and logging in as you and seeing everything on your account, or worse. And it is very, very easy for someone to do login as you otherwise, so this is a real threat.

To activate Facebook secure access, while logged into Facebook,

1) go to Account / Account Settings
2) Account Security - click Change
3) check the box "Browse Facebook on a secure connection (https) whenever possible" and hit Save.

The problem is still present on other networks, so I recommend you use Firefox with the HTTPS Everywhere plugin which you can get from the Electronic Frontier Foundation at:

https://www.eff.org/https-everywhere

This plugin forces the supported services/networks into secure (https) mode automatically.  If you're not using it on Firefox, then you're subject to session hijacking when on an open wifi network. If you're using a different web browser, then you're vulnerable.