Because Android prior to 2.3.4 sent authTokens for Contacts, Calendars and Picasa in clear text, if you were on an unencrypted network, a mean person could theoretically sniff out the authToken and access your personal data. Not good!
So Google’s pushing a fix right now that’ll patch up the vulnerability for every Android phone over the next few days. It’ll fix the problem for Contacts and Calendars immediately, though not for Picasa—there’s something different there technically, according to a Google spokesperson. (Any idea why, dear readers?) It won’t require you or your carrier to do anything—it’ll just like, happen, sometime in the next few days.