Oy. Apparently it’s a really bad idea[ZDNet.com] to use GMail (or any other cookie-session based web service, for that matter) on a public or unsecured wi-fi hotspot.
For GMail, logging in using https://www.gmail.com/ should head off this particular vulnerability, but unfortunately GMail doesn’t use secure http (i.e. https) by default. A word to the wise: change any shortcuts to these services you use at airports, etc. to https: instead of http:.
