What's the actual vulnerability when simply using an unsecured wireless network? Sure, it's easy for them to MitM you if you're using http, but if you're only using https, what's the harm?
DNS queries and the unencrypted parts of the HTTPS protocol (like SNI without recent enhancements). So passive sniffers can at least see what sites you're visiting.