If you enable this in your account, Gmail will not allow you to use non-SSL. If you attempt to log into "http://mail.google.com", it will switch to "https://mail.google.com".
Moreover, the session cookie "GX" is set with the "secure" flag. That means you won't disclose if even if you try normal HTTP. I have not yet been able to grab the cookie and hijack an SSL Gmail session yet. I can still hijack a lot of other Google stuff. For example, I'm posting by hijacking my own Blogger account.
The following is the cookie specification for cookies sent by the server:
= [; = ]
][; domain= ]
][; secure][; HttpOnly]
When looking at the Gmail cookies, only the "GX" cookie is set with "secure" flag, all the rest can be sent via HTTP. However, the "GX" cookie is the important one that allows me to hijack the session, so that's probably appropriate.