Even if you were proxying through Tunisia, there could be a chance that your credentials were stolen. Today I woke up to read about how facebook dealt with the problem, guess what they used , https 🙂 http://www.theatlantic.com/technology/archive/2011/01/the-inside-story-of-how-facebook-responded-to-tunisian-hacks/70044
The register also confirmed this http://www.theregister.co.uk/2011/01/25/tunisia_facebook_password_slurping/
The question I always ask myself is why does facebook direct people to login to their http site while they have a https site where communication is encrypted? Even after the release of powerful tools such as wifizoo and firesheep which can be used to intercept http traffic with ease, why does the site with more than ~600 million people with accounts waiting for to use https as the default login page?
To avoid these issues, I always have a mozilla plugin, https-everywhere to force redirection to https. There is another plugin also for mozilla called force-tls that does the same thing. So do the bright thing, use https.
But even with https, be careful, awesome tools such as ssl-strip can be used with an man in the middle attack to strip out the ssl as the traffic. http://www.securitytube.net/Stripping-SSL-and-Sniffing-HTTPS-using-SSLstrip-video.aspx