Originally Posted by fly-yul
WIFI or not, all your data is available for packet capture to anyone upstream. What should you do? The same thing as always. Use SSH, SSL and HTTPS. If you packets are encrypted it does not matter who is looking at them.
This depends on who is operating the AP. It is possible to intercept ssl (https). The user would probably get a message about the key not being issued by the provider, but those are common enough messages that most people would probably just click, "OK."