A few days later I clarified the post with comments from Microsoft's Francois Doremieux, Senior Program Manager, Product Group: Customer Experience.
The clarification basically explains that even if a hotspot is not secure, using a VPN or other encrypted stream of data makes it lot better than just opening a web browser and entering passwords and account numbers.
Today The Wall Street Journal explains a bit more in detail how hotspots can be used to collect your personal information. The article suggests ways to protect yourself and in addition advises you to do your banking, etc at home.
Excerpt:
Protecting Yourself
Stay current. Make sure your laptop is up to date. Don't use old versions of your operating system and Web browsers, says Mr. Sinha, of AirDefense. Keep your firewall, antivirus and antispyware software current, too.
Use a VPN. Virtual private networks can be set up for personal, as well as corporate, use. Do a Web search for "personal VPN" or try a software retailer. Karen Hanley, senior director of the Wi-Fi Alliance, a nonprofit industry trade group, says the chances of getting hacked using a wireless hot spot are slim. But "we need to remind people to practice safe computing."
Bank at home. Avoid conducting financial transactions at a hot spot. "Don't go sell your stocks or do any online banking," says David King, chief executive of AirTight Networks. Do all of your financial transactions at home, he says.
Name your home network. For your home network, don't use the generic name, called the SSID, that came with the wireless router, says Robert Richardson, director of the Computer Security Institute, an association of computer-security professionals. Hackers will often create Wi-Fi networks with names like "default" or "linksys" (named after a router manufacturer) because most laptops are configured to automatically connect to networks that they've used in the past.
Give Wi-Fi a rest. Turn off your laptop's Wi-Fi capabilities when you don't need to connect to the Internet. Most laptops search for Wi-Fi signals automatically and the connection stays open even if you don't boot up your Web or email application. If your laptop automatically connects to a Wi-Fi network run by a hacker, she might be able to search your computer for sensitive data, even information that would allow access to your company's network.
Technorati
Del.icio.us
Slashdot
Digg
twitter
Around Chicago there's quite a few hotspots run by a provider called Titan. It's www.titanhotspots.com I believe. Their hotspots isolate all of the users into their own subnet which is pretty nice. I've tried using packet sniffers at a few of these locations and I can only view my traffic. It looks like perhaps some are getting better about security but independently setting up just an out of the box router yourself isn't going to do it.
Couple of good related public wi-fi security tips over here: http://www.freewifihotspotsoftware.com/security_tips.html
Wade
82nd street hotspot software