Clearly, and I am at the mercy of the American justice system.

if it were somehow deemed illegal, i'm sure github would get a subpoena requesting a list of everyone who downloaded firesheep... and then everyone on HN would be looking for a lawyer.

Github has logs of who downloaded Firesheep.

Github doesn't have logs of who downloaded Firesheep and used it to sniff somebodys traffic without their permission.

I would imagine they would need to actually prove you hijacked someones cookie? You could always claim you downloaded it to view the source or to check if your security implementation was broken by it.