No, but for wireless, MITM is a bit harder. They need to be broadcasting and interfering with the station you're trying to connect to - that should be at least somewhat detectable, and alert people to the possibility. And certificates are a known system, implementing them is beyond "doable" and into the "easy" realm.

In any case, current MITM-prevention techniques should work just fine w/o a password. Unless someone knows otherwise, I don't really see why a default-encrypted system would be any more vulnerable than something behind a password.

> They need to be broadcasting and interfering with the station you're trying to connect to

The article raises the point that if you're just looking for a connection, you might not know the ID of the access point you want. Most of the time, if you want to snoop on people's traffic all you'd need to do is set up an AP with a higher signal strength than your neighbour's (and just forward the traffic on to the neighbour to get the bits onto the internet.)

More to the point, even if you do know the ID of the access point they want, you may not know that it's trustworthy. Even if the link between you and it is encrypted, it still gets to see your packets in the clear.

Yes, but if you're randomly connecting to un-trusted networks, you're... randomly connecting to un-trusted networks. Protect yourself with an SSH tunnel, or some other kind of VPN, and / or only run on https sites / fully-encrypted protocols.

Seriously, you're asking to be MITM'd if you're connecting to un-trusted networks. Literally. If you don't understand that, then you deserve what's coming to you. As long as you're not protecting yourself by somehow tunneling to only trusted end-points, there's no way to secure yourself.