And the only way to ensure that data is encrypted once it enters the ether between you and the intended target is SSL with all certificates intact.
Correct-a-mundo, amigo. If it's not a signed (or otherwise verified) certificate, you are subject to a man-in-the-middle attack. The dude in the ripped t-shirt with the wireless laptop next to you can't get it, but the guy next to him who has plugged into the WIRED connection the careless hotspot operator left open can easily fire up a NIC in promiscuous mode and hit RECORD on a LAN sniffer. As can the operator of the hotspot itself, as can the operator of any router between said hotspot and your intended endpoint. A couple of bad routing entries and that data is in China - it's happened before and WILL happen again.
Encryption between your device and the wireless access point is useful only between your device and the wireless access point. This is great if you have specific assets on the wired network behind that access point you wish to protect. Including your Internet connection in case you have a service provider who likes to play nicey-nicey with the likes of MPAA or RIAA. Personally, I encrypt the living feces out of my WiFi, not because I don't want to share, but because I don't want some drive-by asshat to put me in bankruptcy court because they decided they wanted to use my connection do download two albums. But the lunacy of copyright law is a discussion for another thread.
Proper SSL with certificates is useful from your device to the endpoint, and prevents both data interception AND connection interception (where someone in the middle can pretend to be the endpoint you are seeking and record the conversation wholesale or introduce altered data into it, such as changing the dollar amount, R/T, and account numbers on that wire transfer you just authorized - so the ten bucks you just sent to Uncle Ed for his birthday just turned into ten thousand bucks for Uncle Al Qaeda).
Again, some sort of encryption on the wireless is nice in a "belt and suspenders" sort of way. But SSL is more than adequate encryption for anything short of the kind of stuff people in large black SUVs with immediate access to really cool black helicopters might need.
Open access points are not a security risk if any data you care about is SSL encrypted.
WPA2/AES with a 30-character complex passcode is VERY MUCH a SEVERE security risk if any data you care about is NOT SSL-encrypted end-to-end. As soon as it comes off the wireless, it's PLAINTEXT.
Paranoia is great, just make sure it's USEFUL paranoia. Worrying about the security of the first thirty feet of your data's travels is silly when it's got many thousands of miles left to go and you're OK with it being plaintext for that part of the journey. It's like putting your seatbelt on to pull out of your driveway then taking it off once you're driving.
Facebook
Twitter
Instagram