Thanks Osarobo but that wasn't my exact question. I know I can enable SSL, my question is wondering if there is anything useful being written across the wire that could be used in a malicious way. So if someone told me that none of the session data being written to the session store could be used to circumvent security, then I would say why bother with SSL.
Sam