Re: Been that way for years
on a train, the guy next to you might be doing an MITM attack by setting up a wifi gateway...
Years ago, as a joke, while riding on a train, I set up a wifi AP on my laptop, running FreeBSD, to see how many people's computers would attempt to connect. A few hits, but enough as proof of concept. no internet was accessible, though, just the AP running. didn't even do DHCP. wasn't trying to crack systems, just see what would happen. Now, if I were REALLY trying to crack things, I'd have some spoofed intarweb stuff on there, or maybe MITM gateway to the *real* intarwebs, and some ssh-sniffing stuff to go with it... because knowing it CAN be done proves why you should be concerned!
Also worthy pointing out is the number of "promiscuous" computers out there that latched onto any AP they could find... and cell phones capable of acting like intarweb gateways.
VPN looks pretty good at this point (as was proposed as a solution in the article) as long as you're careful about verifying any server-side keys/certs to make sure you're talking to the right one.