By default, Gmail uses https for its login routine but reverts to http for general website usage. As noted in this previous hint, one can force full-time https by simply typing in an 's' at the beginning the Gmail URL.
Google's Gmail Dashboard widget follows the default routine, but just like using the website, one can force it to use https full time. This requires editing a file within the widget, so it would make sense to make a backup copy in case you're worried about messing things up. Alternatively, you could always re-download the widget from Google if you break something. Here's how to modify the widget:
Gmail.gmailUrl = "http://mail.google.com/mail";
Simply add an s after the http, so that it looks like this:
Gmail.gmailUrl = "https://mail.google.com/mail";Mac OS X Hints
http://hints.macworld.com/article.php?story=20070213214851769