if it were somehow deemed illegal, i'm sure github would get a subpoena requesting a list of everyone who downloaded firesheep... and then everyone on HN would be looking for a lawyer.
I would imagine they would need to actually prove you hijacked someones cookie? You could always claim you downloaded it to view the source or to check if your security implementation was broken by it.
Github doesn't have logs of who downloaded Firesheep and used it to sniff somebodys traffic without their permission.