The EFF says public WIFI isn't so bad any more

The decade-old warning to stay off public WIFI systems is no longer valid.

EFF:

There are still a few small information leaks: HTTPS protects the content of your communications, but not the metadata. So when you visit HTTPS sites, anyone along the communication pathfrom your ISP to the Internet backbone provider to the sites hosting providercan see their domain names (e.g. wikipedia.org) and when you visit them. But these parties cant see the pages you visit on those sites (e.g. wikipedia.org/controversial-topic), your login name, or messages you send. They can see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. Theyd be able to see that metadata, just as your ISP could see when you browse at home. If this is an acceptable risk for you, then you shouldnt worry about using public Wi-Fi.

Similarly, if there is software with known security bugs on your computer or phone, and those bugs are specifically exploitable only on the local network, you might be at somewhat increased risk. The best defense is to always keep your software up-to-date so it has the latest bug fixes.

What about the risk of governments scooping up signals from open public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies.