
This is overblown, isn't it? That thing can't do anything that a public wifi couldn't, and yet everyone connects their laptops to those without hassle. SSL is nearly everywhere now...



I still wouldn't use a public wifi without a VPN...


Test how many SSL connections go the extra mile and secure themselves against Man in the Middle attacks. You'll be surprised.


All of them, since that's an explicit design goal of SSL/TLS?


If a user wants their free wifi enough they'll be happy to click through those pesky warnings that the root cert is not trusted. They'll probably not think anything of it if it loads as normal, even with a big angry red cross. The speed at which users rip through Windows UAC warnings is astonishing.


https:// with no extra options is still very much prone to downgrade/stripping attacks, and first-time connections to an https:// site are particularly vulnerable since a lot of the extra hardening options (HSTS in particular) can be nullified through TOFU.


There is a big difference though. This thing can actually act as an agent in a botnet that could be used for a lot of things, such as DDoS'ing.


Who's to say that the public wifi you're connecting to doesn't have one of these things attached?


Exactly. Came here to post this and ask what I'm missing.


You might be looking at the difference between HN and reddit as a community



