One thing that many sites have glossed over is the inherent illegality of using Firesheep. "Go on! Try it! It's cool!" -- yes, it is shockingly cool, but if you use it on a public network you are breaking the law.
In general, the interception of any communication -- digital or otherwise -- is prohibited by law. Government agencies are the only exception and even then a warrant is usually required. Firesheep, by intercepting digital communication and re-routing it to your Web browser is a wiretap. Unless you're trying to crack the local organized crime racket and you have a warrant in your pocket, you are breaking the law.
Making something illegal doesn't mean people--especially criminals--won't do it. Besides, one could argue that this communication is being broadcast unencrypted and can easily be sniffed passively, thus one should not have had a reasonable expectation of privacy.
The goal of this program isn't to let people hijack each other's web sessions anyway, it's to clearly demonstrate the threat of using unencrypted WiFi using unencrypted protocols, which has existed since WiFi was first conceived. Unfortunately, easy-to-use programs like this are what's needed to apply the appropriate pressure to change our protocols and practices.