Facebook uses browser cookies to identify who you are. These are transmitted unencrypted across wireless networks. As such, it is easy for someone to listen in, copy the cookies, and then use them to impersonate you. Firesheep is a Firefox plugin that automates this process.
Sharing a wireless connection with a bunch of flatmates? Any of them can easily access all your Facebook information or impersonate you. Same goes for people in coffee shops, libraries, on vehicles with WiFi, and so on.
Of course, HTTPS is vulnerable to man-in-the-middle attacks, but that is probably beyond the scope of what some random Facebook hacker would attempt. That being said, what I said before about Facebook and privacy holds true – you are best off only putting things on the site that you are happy for everybody in the world to see. That applies as much to private messages between users and ‘private’ photo albums as it does to status updates broadcase to one and all.