Browse on SSL, especially when you are on open wifi. kthxbai.
Facebook has an option to stay on SSL after login - it breaks some things (notably the crappy applications you don't really need). You have to select this yourself - and you should.
Sophos would like this to be the default. SSL always.
This is especially important if you are connecting over unencrypted wi-fi (such as BT FON, or Openzone, or most other 'open' wifi connections).
Once you've logged on, anyone else with a connection to that hotspot can steal your cookies, and hijack your session, using something like Firesheep.
Blocking third party cookies helps too - with so many sites integrating Facebook, your cookies leak all over the place.
This applies to many other sites - potentially even more dangerous than the risk of getting 'fraped' - your Gmail account may be hijacked simply from doing a Google search, even when you don't think you are logged into Gmail.
I like the HTTPS Everywhere Firefox plug-in.
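To see why logging in over SSL is not enough on its own, here is an added example (not from the original post) that works out which cookies a browser would attach to later plain-HTTP requests and therefore send in the clear on an open hotspot. The `example.test` hosts, cookie names and values are constructed, and the matching is simplified to the Domain and Secure attributes only.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers, as sent by a site after an HTTPS login.
LOGIN_COOKIES = [
    "session=4f2a9c; Domain=.example.test; Path=/; HttpOnly",
    "csrf=77b1e0; Domain=.example.test; Path=/; Secure",
    "lang=en; Domain=.example.test; Path=/",
]

# Constructed requests the browser makes later in the same browsing session.
LATER_REQUESTS = [
    "https://www.example.test/home",
    "http://www.example.test/search?q=cats",
    "http://widgets.example.test/like.js",
    "https://other.test/",
]

def parse_cookies(set_cookie_headers):
    """Return {cookie name: (domain, secure flag)} for each Set-Cookie header."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = (morsel["domain"].lstrip(".").lower(), bool(morsel["secure"]))
    return jar

def cleartext_exposure(set_cookie_headers, request_urls):
    """Map each plain-HTTP URL to the cookie names sent with it unencrypted."""
    # Simplification: only Domain and Secure are modelled; Path and expiry are
    # ignored, and cookies set without a Domain attribute are skipped.
    jar = parse_cookies(set_cookie_headers)
    exposed = {}
    for url in request_urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "http":
            continue  # HTTPS requests are encrypted on the wire
        names = sorted(
            name for name, (domain, secure) in jar.items()
            if domain and not secure
            and (host == domain or host.endswith("." + domain))
        )
        if names:
            exposed[url] = names
    return exposed
```

With the sample data, the session cookie goes out unencrypted on both plain-HTTP requests, including the embedded widget, while the cookie marked Secure never does.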