This is probably true, but aside from the obvious benefit of location swapping to use Geo-locked things, a VPN is kinda like a condom. Sure, the chances of you getting an STD from connecting to that random free public hotspot in $RANDOM_CAFE is pretty slim, but why take the chance? I do not connect to public WiFi anywhere without a VPN active. With the VPN, sure there's also an amount of blind trust, BUT I can at least research the VPN to determine the level of risk involved and make a generally informed opinion on whether or not to trust them, where I cannot really easily verify that "Maid Cafe Public WiFi" and "Maid Cafe Public WiFi 2" are legitimate APs. It's just risk mitigation IMO and running a TLS encrypted connection across an also encrypted VPN session moves that risk from Killed By An Out Of Control Bus to Killed By Falling Space Station Debris territory.

Note, for #1 above, I, personally, don't type critical things where people can easily see them without being noticed, and my laptop always has a security screen on it which minimizes the "over the shoulder" viewers. But unlike the average person, I lean very far to the paranoid side of situational awareness.
For 2, there's NOTHING you can do to mitigate that, so it's not a concern at all.
For 3, that's why I use LastPass and a purely random password for every single account I have.