It sounds like a bad proxy cache is serving someone else's content to him. I'm just guessing, but I've seen it happen before (with both Gmail and FriendFeed).
I've had the same thing happen with Google calendar. (Later, randomly, I happened to meet socially the guy whose calendar I was mistakenly allowed to read. That was weird.)
Gmail serves its content via HTTPS, which isn't (statefully) proxyable or cachable by design. The explanation from Google makes no sense. If they're serving readable/unencrypted content to anything but the end user's web browser then they have a serious security flaw.
That's what he means by "forcing it" - if you specifically type https://mail.google.com/ Gmail will encrypt the entire session; if you just go to http://mail.google.com/ or (more commonly) www.gmail.com it uses SSL for authentication, then switches you back to unencrypted HTTP for the rest of your session.
This headline jumps to premature conclusions; he saw something weird but there's no confirmation yet that it's a Gmail-specific vulnerability.
In particular, it could be a problem with a misbehaving cache closer to him. (Note especially: in his second screenshot, he's in "Basic HTML" mode. In both screenshots, he's using plain 'http' not 'https' connections.)
It's possible it's Google's fault, but to broadcast that impression without further investigation is unfair to readers -- it's stealing attention with trumped-up claims.