This is a big risk. If you use public wifis to access to banks, e-mails etc you can be in risk. Sometimes there are hackers that create fake free networks that can be used to serve you pages that are clones of the original pages. So when you login in your e-mail on gmail.com you are actually not seeing real Gmail but a clone. The hacker will save your password and e-mail and redirect you to real Gmail. To protect yourself you should avoid using public networks. Even with a VPN you can't protect your self if you are visiting a cloned website. The attacker still is able to capture the information you send. If you are an advanced user you protect yourself by checking the SSL certificates and see if they are legit and belong to the company. I used Gmail as an example but can happen on any website.