>DEF CON provides conference WiFi with preauthorized certificates (WPA2), so [if you remove all other known open networks] then [you can have secure and sane WiFi at the conference].

Emphasis mine. Merely "removing" networks from your device does not preclude you from being attacked. Broadcom and all the locked-down devices that aren't iphones or high-end android devices who use them demonstrate this quite nicely.

I haven't heard any reports of people using the Broadcom attack on a vulnerable device at DEFCON (And there are a whole lot of people monitoring the airwaves)