Old news to anyone that uses tcpdump/Wireshark or any other network sniffer if you know how to find the "session keys". Any unencrypted(or poorly encrypted) data can be intercepted for "bad" purposes. IE iPhones will send/receive all of their local bookmarks in plain text when they sync with the server. This doesn't even take into consideration "man in the middle" attacks.
For the comments along the lines of "don't put anything important and it isn't a problem." You are quite simply wrong if anyone on your friends list trusts that you are you. I could steal your FB account(and even better if I got access to your FB email account at the same time) and then pretend I was stranded somewhere you had mentioned traveling to recently, or as was the case in a recent FB chat exploit scam claim I was in London. And along with the notice, ask for money since I need to pay off some fee or another.