This attack does not apply as long as you browse completely over HTTPS. So just bookmark the
https://www.mtgox.com/ url, use only that bookmark, and you'll be fine.
So that means the data is encrypted the URL is not.
HTTPS encrypts also the URL and other request details.
I agree, to my understanding HTTPS sends a signal that we are doing a secure connection(with no data besides IP) and then after the key's have been exchanged it will then proceed to send necessary data after a secure connection has been established.