I know about it the vulnerability and I still login to facebook in public places. It's like the locks on our front doors.. you don't break into everyone's house just to prove they aren't very good do you? I know you could just smash my windows, but you don't, and I appreciate it. It's facebook that needs to fix the bug, not me.
Maybe send the first message, but don't be obnoxious on purpose. I dunno.
If you walked by someone's house and their car was sitting in their driveway with all the doors wide open and a box of personal documents in the back seat, you'd probably knock on their door. If the car was still there after an hour, you'd probably knock again. I sent only two messages, and they were short and to the point.
(edit) What I mean here, is that to know that someone's door is unlocked, you have to check each house. To pick a lock, you need some rudimentary skill. Firesheep (and the underlying vulnerability) is wide open and requires 0 skill to operate.
It's one thing to politely knock on the door, it's another to keep banging on their kitchen window when they are obviously ignoring you. The users probably feel helpless and just want to be left alone.
For a non-tech person it's a pretty big jump from surfing Facebook at Starbucks to setting up a VPN.
The difference is, so far there are no robots that automatically break into your house. Since your info can be harvested automatically, not sticking out as a target does not help. It is nothing personal - a script will simply steal your info automatically.
Edit: waiting for the Starbug - small devices you stick to the bottom of a desk in starbucks that stream user data to your hacker home.
I totally get where you are coming from with this. If I have a bag with me in a public space, or if I left my email open on my laptop and left the room I would not expect anyone to help themselves to the content. It's a trust issue. I guess the difference here is that someone could go unnoticed in our midsts.
Maybe send the first message, but don't be obnoxious on purpose. I dunno.