Digital rights group Electronic Frontier Foundation reports…
EFF helped organize a coalition of human rights and press freedom organizations that sent a letter in November asking Yahoo! to take this step—one we’ve been advocating for a long time. Without HTTPS, anybody on a wifi network can read all the data sent to or received from a web site (for example, the full text of all the e-mail that Yahoo! Mail users sent or received).
Microsoft and Google webmail accounts already have this enabled, and have for a while. On Yahoo, it’s new – and optional. To enable it, go to your options tab, and under Advanced Settings, make sure the box that says “Turn on SSL” is checked.