I was thinking that I would need to get an SSL certificate, but I've just noticed that Facebook doesn't encrypt data over https, so I'm wondering if I need to bother.
I'm transferring info like e-mail address for the user's login, and all that is encrypted in my db, so should I also be encrypting it over the wire?
-------additional-------------
So the first two responses were basically 'yes, do it', but 1) why wouldn't a major company like Facebook do it, and the start.yourdomain.com from Google doesn't do it either, and that has all your email and stuff in it?
2) If I do decide to do it, is there a specific source I should get my certificate from? Is there another way to encrypt? As I'm bootstrapping along, should I really be paying a few hundred dollars for this?